China Unveils Draft Standard Contract and Provides Clarifications on Cross-Border Data Transfer Mechanisms

Latham & Watkins LLP

China’s CAC publishes guidance on cross-border data transfers, including draft standard contractual clauses and regulatory guidance on certification and security assessment.

Key Points:

..Security Assessment: Effective September 1, 2022, personal information processors (PI Processors) under the Personal Information Protection Law (PIPL) must file for a Security Assessment with the Cyberspace Administration of China (CAC) if any of the following circumstances apply: (i) important data will be transferred; (ii) personal information will be transferred by a critical information infrastructure operator (CIIO) or a PI Processor who processes personal information of more than 1 million individuals; or (iii) in each case, the personal information of more than 100,000 individuals or sensitive personal information of more than 10,000 individuals will be cumulatively transferred since January 1 of the previous year.

..Certification: A PI Processor may obtain a personal information security certification from agencies designated by the CAC. According to the certification specification, the certification is suitable for (i) intra-group data transfers, similar to the Binding Corporate Rules under the General Data Protection Regulation (GDPR); and (ii) cross-border data transfers by foreign PI Processors subject to the PIPL’s extraterritorial reach.

..Draft China SCCs: A draft of the China standard contractual clauses (China SCCs), a template contract for cross-border data transfers (similar to the EU standard contractual clauses under the GDPR), were released for public consultation. The China SCCs are intended for adoption for cross-border transfers of personal information, except those transfers subject to the Security Assessment.

Please see full Alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Written by:

Latham & Watkins LLP

Latham & Watkins LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.