最好看的新闻,最实用的信息
12月28日 20.6°C-23.2°C
澳元 : 人民币=4.53
堪培拉
今日澳洲app下载
登录 注册

Navigating CAC's New Rules Easing Cross-Border Data Flows

2024-04-02 来源: 搜狐时尚 原文链接 评论0条

On 19th March 2024, the Chinese government announced the issuance of a notice titled "Circular of the General Office of the State Council on Issuing the Action Plan for Solidly Promoting High-level Opening-up and Increasing Efforts to Attract and Utilize Foreign Investment" (“Circular”). This Circular underscores the government's commitment to intensifying policy measures aimed at enhancing the attractiveness of foreign investment in China. The action plan, comprising twenty-four measures across five key areas, reflects a strategic move by the Chinese authorities to foster economic development and strengthen connections with international markets. Amongst others, the government supports the flow of data between foreign-invested enterprises and their headquarters, while also regulating cross-border data security management. Furthermore, the government aims to strengthen regulations for cross-border data flow and establish comprehensive rules, including scientifically defining the scope of important data.

In response to this Circular, the Cyberspace Administration of China (“CAC”) three days later, on 22 March 2024, released the final Provisions on Facilitating and Regulating Cross-Border Data Flow (促进和规范数据跨境流动规定 in Chinese, the “Provisions”), aiming to loosen data protection burdens faced by the country’s foreign investment environment and address compliance difficulties faced by businesses under the current legal regime.

These Provisions introduce several significant changes to the existing regulatory framework for cross-border data transfers, aimed at easing restrictions and clarifying the requirements for businesses operating in and with China.

Key Highlights Include:

Exemptions to existing cross-border data transfer compliance obligations: Several circumstances are identified where cross-border data transfers would not require going through any of the following data export procedures, i.e. Security Assessments, Personal Information Certification, or Standard Contracts Filing, which include:Data transfers related to international trade and transportation, academic cooperation, cross-border manufacturing or marketing that do not contain personal information or Important Data;Necessary transfers for performance of contracts involving natural persons;Transfer of employee data in line with labor policies and collective contracts;Transfer of personal information by non- Critical Information Infrastructure Operators (“CIIOs”) involving fewer than 100,000 individuals' personal information (excluding sensitive personal information) within a period calculated from 1 Jan of the same year till now;Transfer of personal information not collected or generated within the PRC;Transfers necessary for protecting health and safety in emergencies; andData transfers by entities incorporated within Free Trade Zones (“FTZs”) that involve data not included on Negative Data Lists to be promulgated by such FTZs.Clarification on Important Data: The Provisions aim to clarify what constitutes "Important Data", indicating that data handlers are not required to treat data as "Important Data" unless it is specifically categorized as such by the Chinese government. This is a significant and much welcomed move towards reducing the ambiguity that has previously surrounded the identification and handling of Important Data. The Provisions also encourage data processors to identify and declare Important Data in accordance with relevant regulations.Heightened Security Assessment Threshold for Personal Information: The Provisions suggest that only CIIOs and companies expecting to export personal information of more than one million individuals or sensitive personal information of more than 10,000 individuals within a period calculated from 1 Jan of the same year till now would need to undergo a Security Assessment. This is a change from the existing regulations on data transfers, which has a much lower threshold for triggering a Security Assessment.Special Negative Data Lists within FTZs: The Provisions allow FTZs to formulate their own Negative Data Lists, determining what types of cross-border data transfers are subject to mandatory data export procedures. This could potentially offer more relaxed cross-border data transfer requirements for businesses operating within these zones and attract new multi-national companies (“MNCs”) to operate within these zones.

Implications for MNCs:

The Provisions will substantially reduce the compliance burden for MNCs and their operations in China. Businesses engaged in less sensitive data transfers, or those transferring data under the outlined exemptions, could see streamlined procedures and lower compliance costs.Furthermore, while these exemptions could relieve some of the operational burdens, they do not eliminate the need for compliance with the broader spectrum of PRC data protection laws. Companies must still ensure they have a lawful basis for data processing, provide necessary information notices, take technical measures and other necessary measures, and conduct impact assessments for cross-border data transfer activities.As suggested by the press release on the Provisions, these Provisions mark a significant step in China's efforts to balance data security with economic openness. Businesses operating in China or processing Chinese data should prepare for these changes, considering how they might impact their data transfer and protection strategies.

特别声明:

大成律师事务所严格遵守对客户的信息保护义务,本篇所涉客户项目内容均取自公开信息或取得客户同意。全文内容、观点仅供参考,不代表大成律师事务所任何立场,亦不应当被视为出具任何形式的法律意见或建议。如需转载或引用该文章的任何内容,请私信沟通授权事宜,并于转载时在文章开头处注明来源。未经授权,不得转载或使用该等文章中的任何内容。

今日评论 网友评论仅供其表达个人看法,并不表明网站立场。
最新评论(0)
暂无评论


Copyright Media Today Group Pty Ltd.隐私条款联系我们商务合作加入我们

电话: (02) 8999 8797

联系邮箱: [email protected] 商业合作: [email protected]网站地图

法律顾问:AHL法律 – 澳洲最大华人律师行新闻爆料:[email protected]

友情链接: 华人找房 到家 今日支付Umall今日优选