As 2025 comes to a close, China’s personal information protection enforcement continues to demonstrate sustained intensity and increasing sophistication. Regulatory activity over the past year confirms that personal data protection compliance has become a long-term supervisory priority, characterized by frequent enforcement actions, expanding coverage, and closer scrutiny of actual implementation. In March 2025, the Cyberspace […]
China
China’s Revised Cybersecurity Law: Key Changes and Compliance Implications
On 28 October 2025, the Standing Committee of the 14th National People’s Congress adopted the Decision on amending the Cybersecurity Law of People’s Republic of China. The revised Cybersecurity Law (the “Revised Law”) will take effect on 1 January 2026. This is the first substantial update to the Cybersecurity Law (“Original Law”) since its promulgation […]
Sind Super-Apps unsere Zukunft?
Heutzutage werden etliche Apps angeboten, die das Leben der Nutzer vereinfachen sollten. User können über diese u. a. Einkäufe tätigen, Nachrichten versenden, Verträge schließen sowie eine Bankkarte nutzen. Um diese Tätigkeiten technisch umsetzen zu können, bedarf es regelmäßig verschiedener Apps. Viele Anbieter haben sich daher zum Ziel gesetzt, die Funktionalitäten ihrer Apps zu erweitern, damit die […]
China Issues Measures on Personal Information Compliance Audits
On 14 February 2025, the Cyberspace Administration of China (CAC) issued the Administrative Measures on Compliance Audits for Personal Information Protection (the Measures), which has come into effect on 1 May 2025. The Measures mark the transition of the personal information compliance audit regime, first established under the Personal Information Protection Law of the People’s […]
China‘s Latest Updates on PIPL and Clarifications on Sensitive Personal Information
Different legislative updates were recorded in China in the last couple of months. These concern several topics related to data protection and data security, such as the definition of sensitive personal information, appointment obligations and registration of a Data Protection Officer (DPO), reporting measures in case of data security incidents for financial services and the […]
Berliner Datenschutzbeauftragte geht gegen DeepSeek vor
Der chinesische KI-Chatbot DeepSeek war vor einigen Monaten in aller Munde. Gelobt wurde die Anwendung insbesondere als kostengünstigere und leistungsstärkere Alternative zu ChatGPT. Der Open-Source-Ansatz wurde von vielen Usern als positiv bewertet. Auch die Verfügbarkeit in den App-Stores trug zur schnellen Verbreitung bei. Datenschutzrechtliche Bedenken bei DeepSeek Neben all der Euphorie wurden in Europa auch […]
TikTok receives fine of 530 million euros by Irish DPC
In September 2021 an investigation was started by the Irish Data Protection Commission (DPC), as Lead Supervisory Authority, to verify TikTok’s compliance with GDPR obligations in terms of: verification of age requirements for users under 13 or 18 years of age and lawfulness of the personal data transfers to the People’s Republic of China (China). […]
Noyb complaints regarding data transfers to China
Noyb (None of Your Business), the data protection organization founded by Max Schrems, has filed complaints regarding six major Chinese companies, namely, TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi before the data protection authorities of Italy, Greece, Belgium, the Netherlands and Austria. Mirroring the complaints filed some years ago regarding data transfers to the US, […]
Understanding China’s Network Data Security Management Regulation: Key Comparisons with GDPR and PIPL
After years of development, People’s Republic of China (“China”) has established a data security legal framework centered on the “Cybersecurity Law”, “Data Security Law”, and “Personal Information Protection Law” (PIPL). The issuance of the “Network Data Security Management Regulation” (“the Regulation”) by the State Council coordinates the implementation of the data security management requirements stipulated […]
Case Analysis: A Landmark Cross-Border Data Transfer Dispute in China
In a significant ruling that underscores the growing emphasis on personal data protection in China, the Guangzhou Internet Court recently concluded a case involving cross-border data transfer violations under the Personal Information Protection Law of the People’s Republic of China (PIPL). The case, titled (2022) Yue 0192 Min Chu 6486, saw Mr. Z, a Chinese […]
A new Regulation facilitates cross-border data transfers from China to a third country
China’s cross-border data transfer regulations have been relaxed for the first time after the country issued a series of cybersecurity and personal data protection laws that imposed strict conditions on cross-border data transfers, raising concerns among companies doing business in China and abroad. On 23 March 2024, the Cyberspace Administration of China („CAC“), China’s central […]
New regime for data transfers from China to third countries
February 2023 was a busy month for China’s data protection regulator and supervisory authority – the Cyberspace Administration of China (CAC). This month marks the end of the six-month grace period for the Regulation of Security Assessment for Outbound Data Transfer (hereinafter referred to as the “Regulation”). With the Regulation now fully in force, companies […]
TikTok auf Diensthandys verbannt!
Aus Sicherheitsgründen unternehmen immer mehr Staaten und Institutionen Maßnahmen, um die Nutzung der chinesischen Kurzvideoplattform zu unterbinden. So dürfen Beschäftigte der EU-Kommission und des EU-Parlaments seit Mitte März die App weder auf ihrem Diensthandy installieren noch nutzen. Hintergrund Neben mangelndem Schutz junger Nutzer*innen wird TikTok längst eine unzureichende Datensicherheit vorgeworfen. Mehrere Staaten gehen davon aus, […]
China passed new data protection law
China issued its comprehensive data protection law, the Personal Information Protection Law (“PIPL”), on August 20, 2021. The PIPL will come into effect on November 1, 2021. This marks a new era in China’s data protection development. Before the PIPL, the main legislations regulating data processing activities in China are the Cybersecurity Law, the Data […]
Code Apps in China – Maßnahme gegen die Ausbreitung des Corona-Virus oder Totalüberwachung der Bevölkerung?
Den Berichten zufolge scheint China die Spitze der Corona-Krise hinter sich zu haben. Viele Chinesen kehren zu ihren Arbeitsplätzen zurück und nehmen das soziale Leben wieder auf, wobei die Angst vor dem Virus immer noch da ist. Gegen die Ausbreitung des Virus sollten die sogenannten Health Code Apps helfen, die für Millionen Chinesen seit einigen […]
1 2