China: Opened consultation on Draft of Regulations on Standardising and Promoting Cross-border Data Flows

On 28 September 2023, the Cyberspace Administration of China opened a public consultation on the Draft of Regulations on Standardising and Promoting Cross-border Data Flows until 15 October 2023. The regulations aim to safeguard national data security, uphold personal information rights, and enhance the lawful and orderly transfer of data. The draft clarifies circumstances that don’t require a data export security assessment. In particular, the draft specifies that the data export security assessment, standard contracts, or personal information protection certification are not required if the data to be exported does not include personal information or important data. The draft states that data must be notified as "important" by the government (departments or regions). Further exceptions include transfers of data that was not collected from China, transfers for the purpose of entering into or performing a contract, transfers to comply with labour laws, and transfers for the protection of the life or health of individuals. Furthermore, the data export security assessment will not be required if the personal data of less than 10’000 individuals in a year will be transferred.