China: Opened consultation on TC260 information security technology requirements for transfer of personal information based on individual requests

On 3 April 2024, the National Information Security Standardisation Technical Committee of China (TC260) opened a public consultation until 2 June for the draft national standard titled "Information Security Technology Requirements for Transfer of Personal Information Based on Individual Requests". In particular, the draft includes definitions of terms related to personal information transfer, the scope of information eligible for transfer, conditions under which individuals can exercise their right to information transfer, and detailed processes for initiating a transfer request. Furthermore, the draft specifies that the data controller is required to ensure the secure transmission of the data and verify that it is transferred to the correct recipient. The data controllers are also required to inform data subjects if the recipient poses security risks or has an inferior data security system.