Gabriela Kennedy writes:
While personal data privacy law has been developing in many jurisdictions with the increasing prevalence of internet usage, the People’s Republic of China (“PRC”) has not yet enacted comprehensive laws or regulations governing the collection, use and transfer of personal data. However, this may change soon, as indicated by the recent issuance of the draft Information Security Technology — Guide of Personal Information Protection (the “Guidelines”, issued jointly by the General Administration of Quality Supervision Inspection and Quarantine and the Standardization Administration of the PRC on 30 January 2011). The draft Guidelines were developed in consultation with the Ministry of Industry and Information Technology, the government agency charged with regulating the telecoms and internet industries, and would create broadly applicable rules and principles for handling and transferring personal information. Although the draft Guidelines could be revised before implementation and have not yet been enacted, upon entering into force they could significantly impact business practices relating to storage, processing and transfer of information.
Read more of their description of the draft guidelines on Hogan Lovells Chronicle of Data Protection.