ARTICLE
24 April 2024
Mondaq Thought Leadership Award Winner

China's Latest Data Governance Regulation: Up For A Brighter Future?

NR
Norton Rose Fulbright Hong Kong

Contributor

Norton Rose Fulbright provides a full scope of legal services to the world’s preeminent corporations and financial institutions. The global law firm has more than 3,000 lawyers advising clients across more than 50 locations worldwide, including London, Houston, New York, Toronto, Mexico City, Hong Kong, Sydney and Johannesburg, covering Europe, the United States, Canada, Latin America, Asia, Australia, Africa and the Middle East. With its global business principles of quality, unity and integrity, Norton Rose Fulbright is recognized for its client service in key industries, including financial institutions; energy, infrastructure and resources; technology; transport; life sciences and healthcare; and consumer markets.

The publication of the Provisions on Promoting and Regulating Cross Border Data Flow (the Data Export Relaxation Provisions) by the Cyberspace Administration of China...
China Privacy

The publication of the Provisions on Promoting and Regulating Cross Border Data Flow (the Data Export Relaxation Provisions) by the Cyberspace Administration of China (CAC) is a welcome development for international businesses operating in China. Prior to this development, businesses (especially those with strong demands for data export) struggled with the compliance burden created by the previous set of cross-border data transfer requirements that were published by the CAC in 2022 and 2023 (the Previous CBDT Requirements).

The clarification of 'important data', as well as changes to the requirements for security assessments, use of the PRC personal information export standard contract, as well as personal information protection certifications, will help lighten the compliance burden and, ideally (from a policy perspective), facilitate data flows for businesses.

That said, many international businesses have made significant investments in the past two years to restructure data governance and export processes to comply with the Previous CBDT Requirements. While some of these businesses are unlikely to be affected by this development, they may nevertheless benefit from these changes when considering new business processes or initiatives that may involve the export of personal data from China. However, businesses should note that these changes only impact outbound data transfers from China – the strict standards concerning security and use of personal data imposed by China Personal Information Protection Law remain unchanged.

Please refer to the update prepared by Shanghai Pacific Legal* for details about this recent development.

*Shanghai Pacific Legal is a domestic PRC firm with whom we have a "best friend" relationship with.

Despite the relaxed measures granted by the Data Export Relaxation Provisions, the other regulatory requirements prescribed in the Personal Information Protection Law still apply to data export activities in China. Specifically, personal information handlers must notify the personal data subject and obtain separate consent. In addition, a personal information protection impact assessment shall be undertaken accordingly.

www.shanghaipacificlegal.com/...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More