New Data Privacy Law in China
China passed its new Data Security Law ("DSL") in June 2021 and its new Personal Information Protection Law ("PIPL") in August 2021. Both new laws impact every business operating in or doing business with China, coupling extensive obligations with respect to the processing of all types of data, with potentially significant penalties for noncompliance. For buy-side transactions, the buyer should review and assess the target's data processing activities carefully to ensure compliance with applicable requirements under the DSL and PIPL. For sell-side transactions involving foreign-invested entities, the local subsidiary should be prepared for a buyer to request an indemnity for matters relating to data processing (including prior compliance with DSL and PIPL, if subject to the DSL and/or PIPL before the closing).
Both buyers and sellers should also be sensitive to compliance with the cross-border transfer requirements under the DSL and PIPL if there is any information to be transferred out of China through due diligence or otherwise as a condition for the acquisition. Assessment of DSL and PIPL compliance risk in the early stages of a transaction can help ensure deal certainty.
Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.