On November 14, the Cyberspace Administration of China (CAC) issued a draft of the Regulations on Network Data Security (网络数据安全管理条例(征求意见稿) [http://www.cac.gov.cn/2021-11/14/c_1638501991577898.htm] (link in Chinese)). The draft is open to public comments until December 13. The draft is part of the

On November 2, Senators Marco Rubio (R-FL) and Raphael Warnock (D-GA) introduced a bill to expand the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) to review foreign investments where sensitive personal information is involved. The bill, S. 3130 [https://www.congress.gov/bill/117th-congress/senate-bill/

On November 3, China’s Ministry of Industry and Information Technology (MIIT) issued [https://www.miit.gov.cn/jgsj/xgj/gzdt/art/2021/art_cb78e71c3200476c97f86ff74611faf9.html] (link in Chinese) a list of 55 apps which were found to have violated users' legal rights. The MIIT requires these companies to

On October 29, the Cyberspace Administration of China (CAC) issued a draft (link in Chinese) of Measures on Security Assessment of Data Exports (数据出境安全评估办法) (unofficial English translation here). The draft is now open for public comments until November 28, 2021. The draft is formulated in accordance with China’s Data

On September 30, China's Ministry of Industry and Information Technology (MIIT) issued the Measures for the Administration of Data Security in Industry and Information Areas (Provisional) (Draft for Comment) (工业和信息化领域数据安全管理办法（试行）（征求意见稿）). The draft is now open for public comments until October 30. According to an explanation [https:

In August, China's Ministry of Industry and Information Technology (MIIT) listed 267 apps in three batches, including WeChat and several major online streaming apps, that were found to have violated user rights, and have not resolved these problems within the period of time they were given to do

On August 20, China’s Standing Committee of National People’s Congress passed the nation’s first Personal Information Protection Law (个人信息保护法) (PIPL) (informal English version here). It is modeled after the Europe Union's General Data Protection Regulation, and has been called by some western media “one of