On 29 Oct. 2021, the Cyberspace Administration of China (CAC) issued the proposed “Measures of Data Exit Security Evaluation (Draft for public comment)” (hereinafter “the Measures”, 數據出境安全評估辦法(征求意見稿)).
The Measures sets up a security assessment for transferring important data or large amounts of personal information.
The Measures requires data processors transferring data outside of China that meet one of the following circumstances must declare the Data Exit Security Assessment of the data to the National Network Information Department through the provincial CAC:
- personal information and important data collected and generated by operators of critical information infrastructure;
- outbound data contains essential data;
- personal Information Processors who have processed the personal information of one million people provide personal data outside of China;
- the personal information of more than 100,000 people or sensitive personal information of more than 10,000 people outside of China; or
- other situations required by the CAC that entail Data Exit Security Assessment.
This provision is a refinement of the current rules, namely, Article 36, Personal Information Protection Law (個人信息保護法) and Article 30, the Data Security Law (數據安全法).
Cover Photo by Carlos Muza on Unsplash
Contributors: CJO Staff Contributors Team