Development of PRC Regulations on Cross-border Data Transfer
Early on the morning of June 13, 2019, Cyberspace Administration of China (“CAC”) issued the Measures for Security Assessment for Cross-border Transfer of Personal Information (Draft for Comment) (the “Draft Measures”). The Draft Measures makes significant adjustments to the Measures for Security Assessment for Cross-border Transfer of Personal Information and Important Data (Draft for Comment) released on April 11, 2017. In terms of the structure, cross-border transfer of personal information and important data is likely to be regulated separately and no longer governed by a single legislation in the future. This can be seen obviously from the Administrative Measures for Data Security (Draft for Comment) previously issued by CAC and is further confirmed by the issuance of the Draft Measures. In terms of the regulatory approaches, on the one hand, the Draft Measures innovatively regulates network operators and overseas recipients through contract concerning their cross-border transfer of personal information to protect the security of such transfer. On the other hand, the Draft Measures also establishes a full-coverage and comprehensive application for approval mechanism for cross-border transfer of personal information. Overall, due to the wide scope of application, the Draft Measures will have a significant impact on the compliance of enterprises.