A Tribute to 2022, Year of Maturity for Data Compliance: Regulatory Activity Summary and Trend Forecast
2022-01-27 Maggie Meng

In 2021

 

We witnessed the introduction of the Data Security Law and the Personal Information Protection Law, two core data compliance laws that now work in concert with the Cyber Security Law.

 

We witnessed the orderly introduction of new supporting policies by the regulatory authorities, which now steer the rapid development and application of data in all industries and fields.

 

We witnessed more mature and comprehensive national standards issued by the National Information Security Standardization Technical Committee, which provided further compliance guidelines for enterprises.

 

We were encouraged by the significant improvement in the public awareness of privacy rights.

 

And lastly, we were impressed by enterprises' growing familiarity with, and sense of urgency about, adapting to, implementing, and paying attention to data compliance.

 

Many have described 2021 as the Year of Data Compliance. As we look back at our achievements of 2021, we hope that we will be able to continue to share in your data compliance journey as we start a new year.

 

We have put together this report with the aim of capturing the evolution of China’s data compliance regulatory landscape through 2021 and providing readers with insights on the changes and areas of focus that we anticipate for 2022. This report consists of three parts: a year-end summary, a trend forecast and an appendix. The report also discusses data regulatory requirements and compliance priorities for enterprises and predicts some of the key contents of upcoming regulations in 2022. Topics covered include data export security review, platform governance, and the identification of important data. We hope that readers will find this report a useful resource of ideas and methods for data compliance practices in their organizations.

 

Contents

Part 1 Summary of 2021

 

  1. Establishing and Perfecting the Three Pillars of the Data Compliance Legal Framework
  2. Forming a Hierarchy of Laws and Regulations
  3. Top-Level Management Responsibilities for Data Compliance
  4. In-Depth and Regular Compliance Inspections for App Compliance
  5. Preliminary Achievements of Enterprise Data Assets Mapping and Full Lifecycle Data Sorting and Data Assets Mapping
  6. Giving Equal Importance to Security Compliance for Front-End and Back-End Operations
  7. Greater Focus on Categorized and Classified Data Management and Access Authority Settings
  8. Gradual Acceptance of Risk Assessment Methodology, Operation of PIA Tools Goes from Green to Experienced
  9. Classified Protection for Cyber Security Is No Longer a Mere Formality, and Security Testing and Certification Are Also Becoming Popular
  10. Facial Recognition Regulation Means: Administrative Regulation, Judicial Interpretation and Precedents at the Same Time
  11. The Mechanism for the Exercising of Individual Rights Has Been Integrated into Products
  12. Data Governance as a Key Regulatory Focus in Selected Industries, e.g. Vehicle Industry
  13. Cyber Security Review: Critical Information Infrastructure Operators, Network Platform Operators and Enterprises Listing Abroad
  14. Algorithm Transparency and Filing of Algorithm-Related Information Are Required from Algorithmic Recommendation Service Providers

 

Part 2 2022 Trend Forecast

 

  1. Establishment of Identification Standards and Lists of Important Data
  2. Perfecting the Security Review of the Cross-Border Data Transfer and Approval Process
  3. A More Clearly Defined Scope for Critical Information Infrastructure
  4. Platform Governance: from Data Fusion to Anti-Monopoly Regulation
  5. Combined Use of Internal Audits and External Audits
  6. Comprehensive Rules and Mechanisms for Internal Data Sharing and Provision of Data to Third Parties
  7. Improvements in Detail, Clarity and Scientific Basis for Data Processing Requirements in Special Industries and Rules of Competent Authorities of Various Industries
  8. Annual Report Submission and Record-Filing Procedures Will Be More Mature
  9. Cyber Security Review Standards and Processes Will Be More Operational
  10. Improvement of Enterprises' Capability for Algorithmic Management and Interpretability
  11. Litigation Will Increase Significantly
  12. The Role of Independent External Third-Party Supervision
  13. Demand for In-House Data Compliance Talent Pool Doubles
  14. Introduction of China’s Version of Standard Contractual Clauses for Cross-Border Data Transfer and Clarification on the Exercise of Data Portability Rights
  15. Further Clarity on Requirements for Separate Consent
  16. It Is Expected that New and Effective Solutions Will Be Proposed for the Identity Authentication Mechanism of Children's Guardians
  17. New Compliance Issues Relating to New Technology and Application Fields (such as NFT, blockchain, etc.)
  18. Data Will Be One of the Countermeasures Used to Balance Power and Control Between Different Countries
  19. In Addition to the Protection of Users’ Personal Information, the Protection of Employees’ and Partners’ Employees’ Contact Information Is Also on the Agenda

 

As early as 2015, the National Security Law established the legal basis for the national security review system, which has recently been strengthened by the Data Security Law in 2021 and the Measures for Cyber Security Review, which come into effect on February 15, 2022. Based on this foundation, China has further established the national security review system in the data field, requiring cyber security reviews of data processing activities that affect or may affect national security. The Measures for Cyber Security Review clarify that network platform operators holding personal information of more than one million users must file for a cyber security review with the Cyber Security Review Office when they list abroad. These amendments are of great significance for safeguarding national and data security, and should be observed by network platform operators when carrying out data processing activities.

 

On December 31, 2021, the Cyberspace Administration of China issued the Regulations on the Administration of Algorithmic Recommendation of Internet Information Services as the implementation rules of the Network Security Law, the Data Security Law, the Personal Information Protection Law, the Measures for the Administration of Internet Information Services and other laws and regulations in relation to the use of algorithmic recommendations. Specifically, the Regulations stipulate the objects and basic principles of algorithmic governance regulation, and put forward systematic compliance requirements for algorithmic recommendation services.

 

Towards a New Era of Data Compliance

 

In 2021, the joint efforts from government agencies, enterprises and users ushered in a new era of data compliance, where a comprehensive methodology for data compliance has been constructed, with laws and regulations as its foundation, technologies, management and experience as its pillars, and awareness as its roof. This methodology has been explicitly presented and has been widely accepted.

 

In 2022, data compliance will reach a new level of maturity, which will enable organizations from various industries and sectors to position themselves more accurately, better recognize their responsibilities, and be more assured of their value so that they can navigate their way through the challenges of the digital economy and seize opportunities with poise.

 

We welcome you to contact us if you need more information.

 

You can also download this report by clicking "Download".

 

Compiled by the Data Compliance Team of Global Law Office

Chief Editor: Maggie Meng

E-mail: mengjie@glo.com.cn

Telephone: +86 10 6584 6768

Mobile Phone: +86 158 1105 0850

 

Editors:

Guosheng Xu, Muzhi Yao, Cheng Wang, Chang Dai, Yapeng Gao, Jierui Dong, Linlin Zhao

 

Subscription/E-mail:

dataprotection@glo.com.cn

Download