Compare with different regulatory event:
On 28 May 2021, the Standing Committee of the 13th National People`s Congress closed public consultation on the second draft of the Personal Information Protection Law. Next to general rules for the handling of personal information, the law includes obligations regarding data transfers in Art. 38-40. In order to provide personal information outside the People’s Republic of China due to business needs, one of the following conditions shall be met: (1) Pass the security assessment organized by the Cybersecurity Administration of China in accordance with Art. 40 PIPL; (2) Conduct personal information protection certification by professional institutions in accordance with the regulations of the Cybersecurity Administration of China; (3) Enter into a contract with the overseas recipient in accordance with the standard contract formulated by the Cybersecurity Administration of China, stipulating the rights and obligations of both parties; (4) Other conditions stipulated by laws, administrative regulations or national cyberspace administration departments. Additionally, it is set out in Art. 39 PIPL that when a personal information processor provides personal information outside the People’s Republic of China, it shall inform the individual of the name or name of the overseas recipient, contact information, processing purpose, processing method, types of personal information of the overseas recipient.
Original source