Todd Liao and Stella Chen | Morgan Lewis & Bockius LLP
The draft legislation provides further guidance on the regulations provided in the recent cybersecurity law, including definitions and details on the security assessments required for cross-border data transfers.
China’s recently enacted Cybersecurity Law (CL), effective June 1, 2017, requires that personal information and important data collected and produced by critical information infrastructure (CII) operators in China be stored in China. The CL also requires that security assessments be performed before personal information and important data are provided to any entity or individual outside of China (Cross-border Data Transfer). Along with the CL, China has published other draft legislation addressing the requirements for local storage and Cross-border Data Transfer and soliciting public comments. The new draft implementing rules include
- Measures for the Security Assessment of Cross-border Transfer of Personal Information and Important Data (Consultation Draft)(the Assessment Measures);