Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Enforcement Update: U.S. Courts Demonstrate Reluctance to Extend Application of Chinese Data Security and Privacy Laws In Civil Discovery
Two recent Chinese laws — the Data Security Law (DSL) and the Personal Information Protection Law (PIPL) — include provisions aimed at restricting the cross-border transfer of China-based data to foreign enforcement and judicial authorities. As an initial matter, U.S. courts have limited the application of these laws and have continued to rely upon international comity analysis in compelling the production of responsive documents in civil discovery. However, U.S. courts have not yet addressed whether these data protection and privacy laws could bar the production of documents in civil contexts involving governmental litigants or in criminal proceedings.
The Data Security Law and the Personal Information Protection Law
The DSL and PIPL serve to create the framework for China's data protection regime and implement "stringent supervision and data processing duties on data processors and enforcement agencies."
The Standing Committee of the National People's Congress (NPCSC) adopted the DSL on June 10, 2021, effective Sept. 1, 2021. In general, the DSL governs data processing and management activities, including the collection, storage, use, processing, transmission, provision, and disclosure of data. See, DSL, Article 3. Importantly, however, the DSL also contains provisions regulating cross-border data transfers to foreign judicial or enforcement authorities. Specifically, Article 36 of the DSL establishes that the "competent authority" shall handle data requests made by foreign judicial or law enforcement organizations in accordance with existing laws and international treaties. (The "competent authority" references the PRC authority charged with overseeing relevant international agreements or treaties. However, the DSL does not provide additional guidance about who the "competent authority" would be in the case of a data request made by a foreign authority that does not have an MLAT with China.) Article 36 also prohibits Chinese organizations and individuals from providing data stored within the People's Republic of China (PRC) to foreign judicial or law enforcement organizations without the prior approval of the competent authority. Although the DSL provides no additional details about that approval process, the law imposes penalties for violators involving fines up to RMB 10 million and the potential suspension or revocation of business licenses for violators that breach the national core data management system, endanger national sovereignty, or implicate national security and development interests. See, DSL, Article 45.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Processes, Challenges and Solutions In Lateral Partner Integration
Tips and shared advice from lateral integration professionals provide creative, practical and streamlined solutions to law firm marketers involved in the lateral integration process.
Constructive Exuberance: Planning for the Regulation and Enforcement of Privacy, Cybersecurity, and Advanced Technologies In 2025
While change is a constant in the privacy, security and technology arena, 2025 is poised to be a landmark year. New technologies will continue to radiate through the economy — and our lives — while the new Trump Administration is likely to emphasize innovation over protection, reward maximization over risk minimization, and incentivizing over enforcing.
FOIA In 2025: Beat the Backlog, Avoid Lawsuits and Reduce Cyber Risk
The Freedom of Information Act (FOIA) stands at a critical juncture heading into 2025. Federal agencies are grappling with mounting backlogs, increasingly complex data landscapes, and rising cybersecurity threats. As a new administration takes office, the urgency to adopt innovative, effective solutions has never been greater.
FOIA In 2025: Beat the Backlog and Avoid Lawsuits
The Freedom of Information Act (FOIA) stands at a critical juncture heading into 2025. Federal agencies are grappling with mounting backlogs, increasingly complex data landscapes, and rising cybersecurity threats. As a new administration takes office, the urgency to adopt innovative, effective solutions has never been greater.
Navigating the VUCA World: Why Firms Must Innovate and Reevaluate Legal Operations
In the legal industry, volatility, uncertainty, complexity and ambiguity (VUCA) (originally a military concept) have reshaped how law firms operate, requiring legal administrators to adapt to a rapidly evolving work environment. Navigating this VUCA landscape involves balancing hybrid work models, evolving return-to-office strategies, and significant workforce challenges, especially in administrative support.