Taking a Page From GDPR, China's New Data Transfer Regime Can Reduce Government Involvement
December 11, 2020 | BY
Vincent ChowThe draft Personal Information Protection Law introduces two new data transfer mechanisms that do not seem to directly require government approval
Photo/Shutterstock.com
The Chinese government is accelerating efforts to finalize the country's regulatory regime governing cross-border transfers of personal information. Issued by China's top legislative body on Oct. 21, the first draft of the PRC Personal Information Protection Law (PIPL) (中华人民共和国个人信息保护法) introduces new mechanisms for conducting such transfers, which could reduce the administrative burden on companies as well as regulators themselves.
The law is also consistent with its landmark predecessor, the PRC Cybersecurity Law (CSL) (中华人民共和国网络安全法), in its requirement on critical information infrastructure operators (CIIOs) to store in China any personal information they collect and generate in China, and to undergo a security assessment should they seek to transfer this information overseas.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now