Articles

Service Hotline: Mo to Fr 9am-6pm (CST) +86 10 6561 6609

On 11 April 2017, China’s Cyberspace Administration (CAC) published the draft of a new regulation called Measures for the Security Review of Cross-Border Transfers of Individual and Important Data (chin. 个人信息和重要数据出境安全评估办法).

 

The draft is based on the new Cyber Security Law and China’s National Security Law, which were passed in 2016 and 2015 respectively. It forms the legal basis for a security assessment for data transfers out of China by internet operators. These include internet providers, administrators and online service providers (Art. 17).

 

For which data do I need a security review?

 

Art. 9 of the draft states that a security review is mandatory for data transfers meeting the following conditions:

 

  1. Data includes personal information of more than 500 000 persons
  2. Data volume exceeds 1000 GB
  3. Data includes information on sensitive areas, such as nuclear facilities, chemical and biological specimens, population health data, large engineering projects, marine
  4. environment, and sensitive geospatial data.
  5. Data on cyber security leaks and security related data breaches
  6. Other data related to national security, public welfare, or industrial management

 

What must data not be transferred out of China?

 

The following data must not leave China (Art. 10):

 

  • Individual information which can harm personal interests or has not received the approval by the concerned person
  • Information, which can pose a risk to the political, economic, scientific, or military security or to the public interest
  • Other information as defined by security organs

 

Who carries out the assessment?

 

According to the current text, the operators are required to conduct their own security review at least once a year (Art. 12)The assessment report should include the following information (Art. 8):

 

  1. Reason for the cross-border transfer
  2. Nature of individual data, including quantity, scope, type, grade of sensitivity, approval of persons concerned
  3. Nature of important data, including quantity, scope, type, grade of sensitivity
  4. Safety standards of recipient and safety environment of receiver country
  5. Risk evaluation of possible leakage, data corruption, falsification or abuse after transfer
  6. Risk evaluation with regard to national security, public interest, or individual rights
  7. Other information required

 

If the assessment is mandatory (see Art. 9), the assessment has to be submitted to the relevant industry or control agencies, which have to deliver their feedback within 60 working days (Art. 10).

 

 What now?

 

The draft is open for public comments until 11 May 2017 . Remarks and opinions can be sent to the following e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it. ) or to:

 

北京市东城区朝阳门内大街225号国家互联网信息办公室网络安全协调局,邮编:100010

 

Richard 1grau  
Richard Hoffmann
 
Richard Hoffmann is a partner at ECOVIS Beijing China. Richard obtained an honors degree in law and worked in Germany, the United States, and China for various prestigious law firms prior to joining ECOVIS. In addition to being a member of the board of ECOVIS International, he is Supervisor for the China business of a respected German company and shares his extensive knowledge to students by teaching commercial law in China at SRH Hochschule Heidelberg. He has published more than fifty articles in international magazines, frequently speaks at high profile events in China and abroad and is often invited as a legal expert by international TV stations. Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.
Ecovis Beijing is the trusted tax and legal advisor to several embassies and official institutions in China. It specializes in mid-sized international companies and is focused on tax & legal advisory, accounting and auditing. If you’re interested in finding out more about tax and legal, don’t hesitate to sign up to our Newsletter, give us a call +86 (10) 6561 6609 or contact us directly via This email address is being protected from spambots. You need JavaScript enabled to view it. ';document.getElementById('cloak0be5bd543ea2fae2c3da4c9e4995c87d').innerHTML += ''+addy_text0be5bd543ea2fae2c3da4c9e4995c87d+'<\/a>';
Linkedinecovis beijing websitecontact ecovis beijing

NEWSLETTER

Newsletter

 

 

Business Hotline:

+86 10 6561 6609

Monday - Friday 9am - 6pm

China Standard Time

This email address is being protected from spambots. You need JavaScript enabled to view it.

 

ECOVIS Beijing
Room 1105, DRC Building, No. 19 Dongfang East Road, 

Chaoyang District, Beijing, 100600

 

 

China Desk in Heidelberg

Lenaustrasse 12, 69115 Heidelberg

Germany

Argentina
Australia
Austria 
Belgium 
Brazil 
Bulgaria 
China

Colombia

Croatia 

Cyprus 
Czech Republic
Denmark 
Estonia

Finland
France 
Germany

Greece

Hong Kong
Hungary
India 
Indonesia 
Ireland

Israel 
Italy  
Japan 

Latvia

Liechtenstein 

Lithuania
Luxembourg

Macedonia
Malaysia 
Malta 
Mexico

Netherlands 
New Zealand 
Poland 
Portugal

Qatar
Romania 
Russia 
Serbia

Singapore  
Slovakia 
Slovenia

South Africa

South Korea 
Spain 
Sweden

Switzerland

Taiwan

Thailand

Tunisia
Turkey
Ukraine  
United Kingdom

United States 
Uruguay