CAC released Regulations on Standardising and Promoting Cross-Border Data Flows
ISSUING AUTHORITY:
Cybersecurity Administration of China
DATE OF RELEASE:
September 28, 2023
On September 28, 2023, the Cybersecurity Administration of China (“CAC”) released new Regulations on Standardising and Promoting Cross-Border Data Flows (Draft for Comment) (the “Draft Regulations”) for public comment.
The Draft Regulations provide several allowances for the export of “important data” and personal information (“PI”) in specific scenarios; if passed, it could help to reduce uncertainties and compliance burdens for numerous multinational companies (“MNC”) and foreign companies.
The Draft Regulations proposed that companies are exempt from conducting the outbound data security assessment/PI protection certification/the execution and filing of standard contracts if the PI is not collected in the territory of China.
The Drafted Regulation also stipulated that the companies do not need to conduct outbound data transfer security assessment/PI protection certification/the execution and filing of standard contracts, such as:
1. For the “Must-be”purpose of entering into and performing a contract to which an individual is a party, such as cross-border e-commerce, cross-border remittances, air ticket and hotel reservations, visa processing, etc.;
2. The PI of internal employees must be exported to implement human resources management in accordance with the labour rules and regulations and the collective contract signed with employees; or
3. PI must be exported to protect the safety of natural persons' life, health, and property in emergencies.
The Draft Regulations clarify a couple of issues frequently inquired about by MNC and businesses. Firstly, it states that business and marketing data (other than PI and important data) can be freely transferred. Secondly, data processors are only required to apply outbound data security assessment if such data have been notified or publicly released as important data by relevant departments or regions.
Reference:
國家互聯網信息辦公室關于《規范和促進數據跨境流動規定(征求意見稿)》公開征求意見的通知
