On 29 Oct. 2021, the Cyberspace Administration of China (CAC) issued the proposed “Measures of Data Exit Security Evaluation (Draft for public comment)” (hereinafter “the Measures”, 数据出境安全评估办法(征求意见稿)).
The Measures sets up a security assessment for transferring important data or large amounts of personal information.
The Measures requires data processors transferring data outside of China that meet one of the following circumstances must declare the Data Exit Security Assessment of the data to the National Network Information Department through the provincial CAC:
- personal information and important data collected and generated by operators of critical information infrastructure;
- outbound data contains essential data;
- personal Information Processors who have processed the personal information of one million people provide personal data outside of China;
- the personal information of more than 100,000 people or sensitive personal information of more than 10,000 people outside of China; or
- other situations required by the CAC that entail Data Exit Security Assessment.
This provision is a refinement of the current rules, namely, Article 36, Personal Information Protection Law (个人信息保护法) and Article 30, the Data Security Law (数据安全法).
Cover Photo by Carlos Muza on Unsplash
Contributors: CJO Staff Contributors Team