On 15 October 2023, the public consultation initiated by the Cyberspace Administration of China on the Draft of Regulations on Standardising and Promoting Cross-border Data Flows ended. The regulations aim to safeguard national data security, uphold personal information rights, and enhance the lawful and orderly transfer of data. The draft clarifies circumstances that don’t require a data export security assessment. In particular, the draft specifies that the data export security assessment, standard contracts, or personal information protection certification are not required if the data to be exported does not include personal information or important data, data was not collected from China, the transfer is for the purpose of entering into or performing a contract, compliance with labour laws, or is for the protection of the life, health of individuals. Furthermore, the data export security assessment will not be required if the personal data of less than 10’000 individuals in a year will be transferred.
Original source