China cybersecurity and data protection: Review of 2020 and outlook for 2021

Usually, whenever China is mentioned, it’s in the context of cyber attacks. What’s often overlooked is that a lot of the victims of attacks are in China itself. Also, there’s a strange dichotomy between the state’s desire to oversee everything that citizens do online and the provision of security and privacy protections for individuals and infrastructure. Take a look at the legislation being introduced as an example:

2020 has been an active year for developments in China’s cybersecurity and data protection regimes. In this e-bulletin we highlight the major regulatory and enforcement developments during the year in three key areas:

Security protection, where continuous regulatory efforts have been made to supplement technical standards in order to progress the establishment of the multi-level protection scheme (MLPS), with the police taking a more active approach to inspecting compliance with the MLPS regime;

Data protection, where two milestone pieces of legislation, the Personal Information Protection Law and the Data Security Law, started their progress through the legislative process, and important standards on personal information protection and risk assessment were updated or released; and

Supply chain security, where developments have focused on establishing the regulatory framework for commercial encryption and the supply chain security of Critical Information Infrastructure.

Further details are set out below. In each case we set out a reminder of the obligations under the Cyber Security Law and provide a brief summary of the main developments during this year.

