China Justice Observer

中司观察

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China Regulates Network Data Security

Tue, 19 Nov 2024
Categories: China Legal Trends

On 24 Sept. 2024, China’s State Council published the “Regulation on Network Data Security Management” (网络数据安全管理条例, hereinafter the “Regulation”), which shall come into force on 1 Jan. 2025.

In China, three laws have been enacted as the pillars in the fields of network governance and data security: the “Cybersecurity Law”, the “Data Security Law”, and the “Personal Information Protection Law”. The purpose of the Regulation is to standardize network data processing activities, with a focus on personal information, important data, and cross-border data flow, and to refine and supplement compliance requirements for network data protection in existing laws.

The highlights of the Regulation are as follows.

  • It clarifies the requirements for the exercise of rights such as access, copy, modification, supplementation, and deletion of personal information, as well as the conditions for the transfer of personal information.
  • It requires processors of important data to conduct annual risk assessments of their network data processing activities, with clear reporting requirements for these assessments.
  • It addresses issues related to the difficulty of opting-out of personalized recommendation services, the variety of personal information collected, and the misuse of personalized profiling data, by requiring the network platform service providers to set up opt-out options for personalized recommendations that are easy to understand, access, and use, and to provide users with such functions as refusing to receive pushed information and deleting user tags that are targeted to their personal characteristics.

 

 

Photo by Bells Mayer on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

You might also like

ABLI-HCCH webinar: Cross-Border Commercial Dispute Resolution – Electronic Service of Documents and Remote Taking of Evidence (July 10, 2025)

The Asian Business Law Institute (ABLI) and the Hague Conference on Private International Law (HCCH) will host their fourth joint webinar on July 10, 2024 (5:00–6:10 PM SGT), focusing on electronic service of documents and remote taking of evidence under the Service and Evidence Conventions, featuring expert speakers, with an early bird discount available until June 10.

China Tightens Corporate Personal Data Audit Rules

In February 2025, China's Cyberspace Administration issued the "Measures for the Administration of Personal Information Protection Compliance Audits", effective May 1, 2025, mandating regular audits for companies, especially those processing data of over 10 million individuals, to ensure transparency and legality in personal data handling.

SPC Releases Typical Cases on Telecom Fraud Crimes

In February 2025, China's Supreme People's Court (SPC) released eight typical telecom fraud cases, exposing new criminal methods and highlighting intensified judicial efforts after handling 31,000 such cases in 2023.

SPC Targets Cyber Extortion with Typical Cases

In February 2025, China’s Supreme People’s Court (SPC) released six typical cases showcasing its crackdown on emerging cyber extortion crimes, including spreading rumors and sextortion, to encourage victims to seek legal protection.

China Issues New Rules on Foreign-Related IP Disputes

In March 2025, China issued regulations effective May 1, 2025, to enhance dispute resolution, evidence collection, and countermeasures for foreign-related intellectual property disputes, strengthening services and enterprise capabilities.

SPC Issues China’s First Anti-Anti-Suit Injunction (AASI) in IP Case

In December 2024, China’s Supreme People’s Court (SPC) issued its first anti-anti-suit injunction in a patent dispute, Huawei v. Netgear, prohibiting Netgear from obstructing Huawei’s Chinese litigation, marking a significant step in global standard-essential patent governance.