On 2 January 2018, the Standardization Administration of China (“SAC”) released the final draft of “Information Technology – Personal Information Security Specification” (National Standard GB/T 35273-2017) (GB/T 35273-2017 信息安全技 术个人信息安全规范) (“Specification”). The Specification came into effect on 1 May 2018. The Specification sets out the recommended practices on personal information protection. Although the Specification is not legally binding, compliance is expected by the PRC authorities and may be taken into account when assessing a company’s compliance with related laws (e.g. China’s Cybersecurity Law).
Continue Reading

The revised Trade Mark Law was enacted in 2014 to much fanfare, as it included important new provisions targeting bad faith applications by trade mark hijackers, a recurring problem that has plagued brand owners in China. Unfortunately, in the 5 years since the enactment, the new provisions have done little to reduce trade mark hijacking activity and the onus has remained with brand owners to oppose or invalidate hijacked marks.
Continue Reading

On 1 November 2018, Hong Kong’s Securities and Futures Commission (“SFC”) issued a statement and circular that expanded its regulatory reach over virtual asset activities. Previously, the SFC’s position was that any activities related to virtual assets (e.g. cryptocurrencies, assetbacked tokens, virtual commodities, etc.) would only be subject to the Securities and Futures Ordinance (Cap. 571) if
Continue Reading

On 1 May 2018, the “Information Security Technology – Personal Information Security Specification” (PI-Specification) by China’s National Information Security Standardization Technical Committee (NISSTC) will come into effect. The PI-Specification, inter alia, provides guidance on the collection, storage, use, transfer and disclosure of personal information. While the PI Specification is voluntary and not legally binding, it is likely that Chinese regulators will take into account breaches of the PI Specification when enforcing cybersecurity obligations.

The requirements for the collection, use, and storage of personal information are briefly outlined below.
Continue Reading

On 7 November 2016, the Standing Committee of the National People’s Congress has formally passed China’s first comprehensive privacy and security regulation for cyberspace. Since the new Cyber Security Law (CSL) will come into effect on 1 June 2017, technology companies that are operating in or planning to expand to the Peoples Republic of China (PRC) are well advised to adapt their IT infrastructure and data architecture to the new law. Violations of the law may, at worst, lead to high fines, website shutdowns or license revocations. Some of the most significant changes brought about by the new law are briefly outlined below.
Continue Reading

busy Street scene with neon signs in Hong KongIntellectual Property (“IP”) rights are only as strong as the means to enforce them. Arbitration, as a private and confidential procedure, is increasingly being used to resolve disputes involving IP rights, especially when the dispute is between parties located in different jurisdictions. With the introduction of the Arbitration (Amendment) Bill 2016 (“Bill”), the Hong Kong

On 12 December 2016, the PRC Ministry of Culture released the Administrative Measures for Business Activities of Online Performances (the “Measures”). The Measures target providers of live performances broadcast or streamed over the Internet or a mobile network (“Streaming Services Providers”) who derive a profit from such activities through advertising, sponsorship or by charging for access. The Measures will come into effect on 1 January 2017.
Continue Reading

On 12 August 2016, the Cyberspace Administration of China (“CAC”), the General Administration of Quality Supervision, the Inspection and Quarantine of China (“GAQSIQ”), and the Standardisation Administration of China (“SAC”) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the “Guidelines”). Under the Guidelines, mandatory national standards will be introduced to regulate critical fields such as major information technology infrastructure and classified networks in an effort to harmonise the current divergent local practice.
Continue Reading