Skip to content

China consults on security assessments for cross-border transfer of data

On October 29, 2021, the Cyberspace Administration of China (CAC) issued draft Measures on Security Assessments for the Cross-border Transfer of Data (a consultation draft for public comment) (Draft Measures).

These are designed to address the situation where there is a need for the transfer of data outside Mainland China primarily in connection with day-to-day business activities. Notably, the measures do not directly address the issue of cross-border data export in connection with overseas proceedings or investigations, or with the provisions in the PRC Data Security Law (DSL) (Article 36) and Personal Information Protection Law (PIPL) (Article 41), which has been getting a lot of attention from commentators.

The Draft Measures should be read in conjunction with the PRC Cybersecurity Law (CSL), the DSL and the PIPL. Terms used in these laws, notably the concepts of Important Data and Personal Information, are also used in the Draft Measures. The consultation period will last until November 28, 2021.