China Cybersecurity And Data Protection: Monthly Update – Dec 2020 Issue.

Last month, the National Information Security Standardization Technical Committee released guidelines for conducting personal information security impact assessments. This is an important step in implementing one of the protection measures contemplated in the draft Personal Information Protection Law for specified types of processing activities.
 

In addition, the commercial encryption import permit list and export control list have now been published. These are required by the Encryption Law under which the import of commercial encryption relevant to national security and public interest is subject to the grant of a permit. Similarly, the export of commercial encryption relevant to national security, public interest and international obligations of China is subject to government control. Please note that the list states that the import and export of the listed commercial encryption products will be considered dual-use items and technologies and, as such, will be subject to a permit granted by the Ministry of Commerce.
 

The Ministry of Industry and Information Technology continues to crack down on mobile applications that processes personal information in violation of applicable requirements.
 

Separately, the European Union, Singapore, Canada and California have proposed or revised their data protection laws or regulations. Notably, the European Union has started consultation on supplementary measures on safeguards for cross-border personal data transfer.

信安标委发布了进行信息安全影响评估的指南。该指南被认为是实施《个人信息安全法（草案）》所列明的个人信息保护措施的重要一步。

商用密码进口许可清单和出口清单也已发布。清单将实施《密码法》项下要求涉及国家安全、社会公共利益的商用密码进口取得许可，以及对涉及国家安全、社会公共利益和履行中国国际义务的商业密码出口进行管制的规定。清单上所列的商用密码的进出口将需要从商务部获得两用物项和技术的进出口许可。
 

工信部及其地方通管局继续对于违反规定处理个人信息的移动App加大执法力度。
 

欧盟、新加坡、加拿大和加利福尼亚都提出或修改了其各自的数据保护法规。值得注意的是，欧盟对于个人数据跨境传输的保障工具的补充措施提出了推荐意见，并征求公众意见。