The current draft grants Chinese regulators broad discretion to prohibit data transfers.
..The draft requires both the consent of the data subjects and/or the permission of the regulators for any transfer of personal information and critical data out of China.
..The draft mandates a self-evaluation for all outbound transfers of personal information and critical data and sets out several conditions that would trigger a mandatory regulatory assessment.
..The draft is open for comments until 11 May 2017 so it may change in its scope and application.
Please see full Alert below for more information.