The Cyberspace Administration of China (CAC) released the draft Security Review Measures for Cross-Border Data Transfer (the Draft Security Review Measures) for public comments on 29 October 2021 – shortly before the effective date of the Personal Information Protection Law (PIPL), 1 November 2021.
The three pillars of China’s cyber security and data legislation – the Cyber Security Law (CSL, effective on 1 June 2017), the Data Security Law (DSL, effective on 1 September 2021), and the PIPL – all impose some restrictions on cross-border transfers of data and require governmental security reviews as a condition for transferring data overseas in certain situations.
The Draft Security Review Measures provide some clarity on the questions we discuss in this article.
Who needs to do a security review?
Operators of critical information infrastructures (CIIs); Any entity transferring “important data” outside China; Any personal information handler who processes personal information of 1 million individuals or more; Any entity that has, in aggregate, provided personal information of more
Read the article