On April 29, 2021, the national legislator in China released the second draft of the Personal Information Protection Law (“PIPL”) to collect public comments until May 28, 2021. The updated draft substantially follows the framework of the first draft, which marks China’s comprehensive system for the protection of personal information, sets forth general rules for the processing and transferring of personal information across China’s borders, and echoes certain mechanisms under the EU’s General Data Protection Regulation (“GDPR”), including application of extraterritorial jurisdiction, with which China would use long-arm jurisdiction to regulate the concerned entities across borders. This approach reflects China’s position that privacy law is an important component of China’s long term strategy on the international stage. In fact, the PIPL expressly contemplates China’s engagement with other jurisdictions (at both the country and regional levels) to try to create “interoperability” with these other privacy systems. Below we summarize key terms of the updated draft PIPL.
Continue Reading China Released Second Draft of Personal Information Protection Law

In a long awaited decision, the European Commission (“Commission’) adopted two new sets of standard contractual clauses (“SCCs”) to reflect the EU’s General Data Protection Regulation (“EU GDPR”) and ‘the realities faced by modern business’ (see the Commission’s press release). These replace the current SCCs that were adopted over 10 years ago under the, now repealed, Data Protection Directive. The EU’s Commissioner for Justice, Didier Reynders, cited the SCCs as providing companies with ‘more safety and legal certainty’ and as being ‘user friendly tools’.

It is important to note that the new set of SCCs is significantly different than the previous set. For example, instead of focusing on the status of the parties as “controller” or “processor”, the new SCCs focus on the location of the parties, regardless of status. This is a significant departure from the prior form.
Continue Reading Out With the Old, In With the New: New GDPR Standard Contractual Clauses