Transferring Data from China to Other Countries Could Become Costly & Difficult†

数据从中国出境至其他国家可能会变得昂贵且困难*

Digest | 文摘

To comply with the Measures for the Security Assessment of Outbound Data Transfers (the “Measures”; effective September 1, 2022), which was formulated by the Cyberspace Administration of China (the “CAC”) in accordance with the country’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law, any “data processor” planning to transfer to another country “important data” or “personal information” collected and generated during the data processor’s operations within the territory of China must go through a security assessment process as provided in the Measures.  Failure to comply with the Measures could lead to criminal liability.

The security assessment process mainly involves the submission of various “declaration materials” by data processors to the CAC through its provincial offices.  The assessment conducted by the CAC may go beyond the time limits stated in the Measures “if the situation is complicated or materials need to be supplemented or corrected”.  In addition, the result of passing the security assessment for outbound data transfers is valid for only two years.

How will this security assessment process impact the operations of foreign companies in China?  Are there any practical insights that can be shared to enable data processors to go through the process fairly smoothly?

要遵守中国国家互联网信息办公室根据《网络安全法》、《数据安全法》和《个人信息保护法》制定的《数据出境安全评估办法》（“《办法》”；自2022年9月1日起施行） ，任何拟将在中国境内运营中收集和产生的“重要数据”或“个人信息”出境至其他国家的“数据处理者”必须按照《办法》的规定通过安全评估。不遵守《办法》可能会导致刑事责任。

安全评估的过程主要涉及数据处理者通过国家互联网信息办公室的省级办事处向其提交各种“申报材料”。“情况复杂或者需要补充、更正材料的”，国家互联网信息办公室进行的评估可以超出《办法》规定的时限。此外，通过数据出境安全评估的结果有效期仅为两年。

这一安全评估过程将如何影响外国公司在中国的运营？是否有任何实用的见解可以分享，以使数据处理者能够相当顺利地完成整个过程？

---

^† This piece was contributed by Yu Liu and edited by SINOTALKS.COM.

^* 此文章由刘玉提供，并由丝络谈™编辑。

Related Articles | 相关文章