
International Privacy: China to Regulate Transfer of Personal Data Across Borders

Starting June 1st, US companies with business in China will have to comply with new data transfer rules that may limit or impair the ability to use data in the US. Like the EU, China will have new restrictions in place (and new, state-approved contractual mechanisms designed to help companies comply with those regulations) regarding the export of personal data outside China.  

Why It Matters

The new "Standard Contractual Clauses" released by China will be one mechanism to allow data transfer outside China, but they add several steps to the contracts and compliance process. Companies may have to perform data risk assessments, file notices with the data regulator, notify data subjects of the transfer of their data, or take other steps before availing themselves of the SCCs.  

Affected data could include HR data, customer data, consumer data, or other personal information. The Chinese authorities have a history of vigorous enforcement (and fines) in the data privacy arena; any US company with interests in China should plan to seek advice from local counsel well ahead of the June 1st enforcement date.  

The SCC Regulations provide for "teeth" to regulate noncompliance. If the provincial CAC thinks the cross-border data transfer poses substantial risk or major data incidents, the CAC officials will request interviews and meetings with the data exporter and order rectifications. They also set up a whistle-blowing mechanism where individuals or organizations can report to provincial CAC authorities on noncompliant cross-border data transfer activities.

Tags

data security and privacy, hill_mitzi