Digital Policy Alert logo

China: Consultation closed for the Draft Regulations on the Administration of Network Data Security including data protection requirements

Policy overview

Description

Consultation closed for the Draft Regulations on the Administration of Network Data Security including data protection requirements

On 13 December 2021, the public consultation opened for the Draft Regulations on the Administration of Network Data Security. The draft in question is intended to implement and further specify the details of the (i) Cybersecurity Law, (ii) Data Secu…

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2021-11-14
under deliberation

On 14 November 2021, the Draft Regulations on the Administration of Network Data Security have been…

2021-11-14
in consultation

On 14 November 2021, the public consultation opened for the Draft Regulations on the Administration…

2021-12-13
processing consultation

On 13 December 2021, the public consultation opened for the Draft Regulations on the Administration…

2024-08-30
adopted

On 30 August 2024, the State Council of China approved the Network Data Security Management Regulat…

2025-01-01
in force

On 1 January 2025, the Network Data Security Management Regulation enters into force. The Regulatio…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All
2
Type Other corporate representative
Economic activity cross-cutting
Category All
3
Type Private organisation
Economic activity platform intermediary: user-generated content
Category All
4
Type Private organisation
Economic activity cross-cutting
Category All
5
Type Private organisation
Economic activity platform intermediary: user-generated content
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
Creation of enforcement authority
Designation of responsible employee
TBR - Pre-approval
Sanctions
Regulated subjects
4
Regulatory tool
Risk or other impact assessment requirement
User consent: Other requirement
User right to withdraw consent
Regulator notification requirement
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Sanctions
Fine
Disgorgement
Regulated subjects
1 4
Regulatory tool
User consent: Permit user opt-out
Regulator disclosure requirement
Sanctions
Restitution of damages
Fine
Regulated subjects
3 5
Regulatory tool
Sanctions
Suspension of business
Termination of business
Termination of business license
Regulated subjects
1 3 4 5
Regulatory tool
Sanctions
Fine
Occupational ban
Regulated subjects
2
personal data (all forms): storage (any form)
Regulatory tool
Creation of enforcement authority
Designation of responsible employee
TBR - Pre-approval
Sanctions
Regulated subjects
4
Regulatory tool
Regulator reporting requirement
Sanctions
Regulated subjects
4 5
Regulatory tool
Risk or other impact assessment requirement
User consent: Other requirement
User right to withdraw consent
Regulator notification requirement
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Sanctions
Fine
Disgorgement
Regulated subjects
1 4
Regulatory tool
User consent: Permit user opt-out
Regulator disclosure requirement
Sanctions
Restitution of damages
Fine
Regulated subjects
3 5
Regulatory tool
Sanctions
Suspension of business
Termination of business
Termination of business license
Regulated subjects
1 3 4 5
Regulatory tool
Sanctions
Fine
Occupational ban
Regulated subjects
2
personal data (all forms): sale
Regulatory tool
Creation of enforcement authority
Designation of responsible employee
TBR - Pre-approval
Sanctions
Regulated subjects
4
Regulatory tool
Regulator reporting requirement
Sanctions
Regulated subjects
4 5
Regulatory tool
Risk or other impact assessment requirement
User consent: Other requirement
User right to withdraw consent
Regulator notification requirement
User right to access personal data
User right to deletion of personal data
Preventive security requirement
Responsive security requirement
Sanctions
Fine
Disgorgement
Regulated subjects
1 4
Regulatory tool
User consent: Permit user opt-out
Regulator disclosure requirement
Sanctions
Restitution of damages
Fine
Regulated subjects
3 5
Regulatory tool
Sanctions
Suspension of business
Termination of business
Termination of business license
Regulated subjects
1 3 4 5
Regulatory tool
Sanctions
Fine
Occupational ban
Regulated subjects
2
personal data (all forms): data processing
Regulatory tool
Sanctions
Restitution of damages
Fine
Regulated subjects
3 5
Regulatory tool
Sanctions
Fine
Disgorgement
Regulated subjects
1 4
Regulatory tool
Sanctions
Suspension of business
Termination of business
Termination of business license
Regulated subjects
1 3 4 5
Regulatory tool
Sanctions
Fine
Occupational ban
Regulated subjects
2

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): storage (any form)

personal data (all forms): sale

personal data (all forms): data processing