On March 22, 2024, the Cyberspace Administration of China officially announced the Regulations on Facilitating and Regulating Cross-border Data Flow (“Regulations”) and took effect upon the date of announcement. According to the previous regulatory requirements for data outbound transfer, there are three main methods for data outbound transfer: security assessment, standard contract, and protection certification. The Regulations aim to facilitate the cross-border flow of data and further relax the conditions for cross-border flow of data. It has an important impact on corporate data outbound activities, which will be briefly interpreted in this article.
(1) Since January 1 of the year, a total of more than 100,000 people and less than 1 million people to provide overseas personal information (excluding sensitive personal information) or less than 10,000 sensitive personal information, shall be in accordance with the law with the overseas recipient of personal information outbound standard contract or through the personal information protection certification;
(2) Since January 1 of the year, the personal information of more than 1 million people (excluding sensitive personal information) or the sensitive personal information of more than 10,000 people has been provided overseas, it shall be reported to the national cyberspace administration through the provincial internet information department where it is located and pass the security assessment for data outbound transfer.
3. Special policy space for Pilot Free Trade Zones
The Regulations state that the FTZs may, on their own, formulate a list of data that need to be included in the scope of management of data outbound security assessment, personal information outbound standard contract, and personal information protection certification, which is called the “negative list”. Data transfers outside the Negative List are exempt from prior supervision.
4. Other compliance obligations after exemption
Enterprises should be reminded that, regardless of whether there are circumstances or numbers of persons that can be exempted from security measures for data outbound transfer, Article 10 of the Regulations still emphasizes that if an enterprise provides personal information overseas, it shall still fulfill its obligations under the PIPL such as informing, obtaining the individual’s separate consent, conducting personal information protection impact assessment.
To sum up, the Regulations further establishes a regulatory framework to promote and regulate the free flow of data cross-border transfer, lowers the regulatory threshold for data outbound transfer by setting up a variety of exemptions, and optimizes the business environment for enterprises engaged in cross-border business. However, we suggest that enterprises still need to pay attention to data compliance management, combine with own business conditions, and adapt appropriate data processing practices to ensure data processing compliance.
Provisions of the New Company Law on the Dismissal and Resignation of Directors China’s new Company Law, which will come into effect on July 1, 2024, creates the following systems for the dismissal and resignation of directors: first, the shareholders’ meeting may resolve to dismiss a director, but if a director is dismissed before the
The new Company Law was amended and passed on December 29, 2023, and will come into effect on July 1, 2024. The new law shortens the deadline for subscribed capital contributions, allowing companies to adjust their registered capital according to their operational conditions. This article starts by focusing on the key provisions of the new
On March 22, 2024, the Cyberspace Administration of China officially announced the Regulations on Facilitating and Regulating Cross-border Data Flow (“Regulations”) and took effect upon the date of announcement. According to the previous regulatory requirements for data outbound transfer, there are three main methods for data outbound transfer: security assessment, standard contract, and protection certification.
