ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (China report)

On Sale

SGD0.00

Free Download

Added to cart

ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (China report)

Authors: Dominic Paulger, Policy Manager (APAC), Future of Privacy Forum, and Hunter Dorwart
Policy Counsel for Global Privacy, Future of Privacy Forum

Asian Business Law Institute and Future of Privacy Forum

May 2022

This report provides a detailed overview of relevant laws and regulations in China on:

●     notice and consent requirements for processing personal data;

●     alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); and

●     statutory bases for processing personal data without consent, and exceptions or derogations from consent requirements in general and sector-specific laws and regulations.

1. INTRODUCTION

2. CHINA’S DATA PROTECTION FRAMEWORK

2.1. Civil Code

2.2. Personal Information Protection Law (“PIPL”)

2.3. PI Security Specification (“Security Specification”)

2.4. Cybersecurity Law (“CSL”)

2.5. Sectoral regulations and guidelines

a. Financial services
b. Mobile applications
c. Automotive sector

3. CONSENT AND PRIVACY SELF-MANAGEMENT IN CHINA’S DATA PROTECTION LAW

4. CONDITIONS FOR CONSENT

4.1. Definition and forms of consent

a. Security Specification
b. PIPL
c. Sectoral regulations .

4.2. Withdrawal of consent

4.3. Prohibition on bundled consent

a. Security Specification
b. “Core” versus "ancillary” business functions

4.4. Whether access to services may be conditional on consent

5. TRANSPARENCY AND NOTICE

6. CONSENT FOR SPECIAL CATEGORIES OR USES OF DATA

6.1. Children

a. Security Specification
b. PIPL
c. Sectoral regulations

6.2. Cookie, Internet of Things, Online Tracking

6.3. Biometric data

a. Security Specification
b. PIPL

6.4. Genetic data

6.5. Financial information

a. Security Specification
b. PIPL
c. Sectoral regulations

6.6. Location data

a. Security Specification
b. PIPL

7. CONSENT FOR CROSS-BORDER DATA TRANSFERS

7.1. Cross-border transfer rules and security assessments

8. SANCTIONS AND ENFORCEMENT

8.1. Civil Code

8.2. CSL

8.3. PIPL

9. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT SUBJECT TO A RISK IMPACT ASSESSMENT

9.1. Impact assessments under the PIPL

10. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT IN OTHER CIRCUMSTANCES DEFINED BY LAW

10.1. PIPL

10.2. Security Specification

10.3. Other regulations

You will get a PDF (3MB) file

ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (China report)

Table of Contents

1. INTRODUCTION

2. CHINA’S DATA PROTECTION FRAMEWORK

2.1. Civil Code

2.2. Personal Information Protection Law (“PIPL”)

2.3. PI Security Specification (“Security Specification”)

2.4. Cybersecurity Law (“CSL”)

2.5. Sectoral regulations and guidelines

3. CONSENT AND PRIVACY SELF-MANAGEMENT IN CHINA’S DATA PROTECTION LAW

4. CONDITIONS FOR CONSENT

4.1. Definition and forms of consent

4.2. Withdrawal of consent

4.3. Prohibition on bundled consent

4.4. Whether access to services may be conditional on consent

5. TRANSPARENCY AND NOTICE

6. CONSENT FOR SPECIAL CATEGORIES OR USES OF DATA

6.1. Children

6.2. Cookie, Internet of Things, Online Tracking

6.3. Biometric data

6.4. Genetic data

6.5. Financial information

6.6. Location data

7. CONSENT FOR CROSS-BORDER DATA TRANSFERS

7.1. Cross-border transfer rules and security assessments

8. SANCTIONS AND ENFORCEMENT

8.1. Civil Code

8.2. CSL

8.3. PIPL

9. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT SUBJECT TO A RISK IMPACT ASSESSMENT

9.1. Impact assessments under the PIPL

10. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT IN OTHER CIRCUMSTANCES DEFINED BY LAW

10.1. PIPL

10.2. Security Specification

10.3. Other regulations

Data Embassies - Purposes, Features and Limitations

ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (China report)

Table of Contents

1. INTRODUCTION

2. CHINA’S DATA PROTECTION FRAMEWORK

2.1. Civil Code

2.2. Personal Information Protection Law (“PIPL”)

2.3. PI Security Specification (“Security Specification”)

2.4. Cybersecurity Law (“CSL”)

2.5. Sectoral regulations and guidelines

3. CONSENT AND PRIVACY SELF-MANAGEMENT IN CHINA’S DATA PROTECTION LAW

4. CONDITIONS FOR CONSENT

4.1. Definition and forms of consent

4.2. Withdrawal of consent

4.3. Prohibition on bundled consent

4.4. Whether access to services may be conditional on consent

5. TRANSPARENCY AND NOTICE

6. CONSENT FOR SPECIAL CATEGORIES OR USES OF DATA

6.1. Children

6.2. Cookie, Internet of Things, Online Tracking

6.3. Biometric data

6.4. Genetic data

6.5. Financial information

6.6. Location data

7. CONSENT FOR CROSS-BORDER DATA TRANSFERS

7.1. Cross-border transfer rules and security assessments

8. SANCTIONS AND ENFORCEMENT

8.1. Civil Code

8.2. CSL

8.3. PIPL

9. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT SUBJECT TO A RISK IMPACT ASSESSMENT

9.1. Impact assessments under the PIPL

10. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT IN OTHER CIRCUMSTANCES DEFINED BY LAW

10.1. PIPL

10.2. Security Specification

10.3. Other regulations

You Might Also Like

Data Embassies - Purposes, Features and Limitations