To regulate the cross-border transfer of data, protect the rights and interests in relation to personal information, safeguard the national security and public interests, and to facilitate the security and free flow of data, in accordance with the PRC Cybersecurity Law, PRC Data Security Law and PRC Personal Information Protection Law, the State Cyberspace Administration has drafted the Measures on Security Appraisal for Cross-border Transfer of Data (“Draft Measures”) and released the same for public opinions.
The Draft Measures have listed the applicable scenarios under which security appraisal for cross-border transfer of data must be filed to the state cyberspace administration and the relevant documents required for completing such filing. In addition, the Draft Measures have also clarified the necessary elements regarding data security protection that shall be sufficiently agreed in the contract concluded between the data processor and the data receivers in foreign countries.
According to the Draft Measures, the appraisal results for cross-border transfer of data will generally remain valid for two years, unless any situation that can affect security of the data already transferred abroad arises. The deadline for the public to provide opinion or feedback on the Draft Measures is 28 November 2021.
Key Action Points for Human Resources and In-house Counsel
2021 witnessed China’s rapid legislative progress on the protection of data and personal information. The release of the Draft Measures symbolises another important step by China to improve the legal system of data protection. Multinational clients have frequently asked questions about regulations about the cross-border transfer of data. Although the Draft Measures are not legally binding, this instrument shall still be viewed as good reference for multinationals to get a sense of the imminent regulations applicable to the cross-border transfer of data.