Chinese regulators issue new draft rules on transfer of personal data

The Cyberspace Administration of China (CAC) said on Thursday that it seeking feedback from the public on draft rules governing the transfer of personal data overseas.

The new rules being drafted are part of Chinese regulators’ drive to strengthen oversight over troves of data collected by the country’s private sector and its array of popular apps.

Under the draft rules, entities collecting personal data would be responsible for assessing the legality, legitimacy, the need for the data, its scope and whether it would remain protected once it is transferred overseas.

The draft also covers methods of handling personal information by domestic processors and overseas recipients.

China has in recent years emphasised the risks to national security inherent in transferring user data overseas.

CAC launched cybersecurity reviews into Full Truck Alliance and Kanzhun alongside Chinese ride-hailing giant Didi Global in July last year, and ordered them to stop registering new users, citing national security and the public interest.

On Wednesday, Full Truck Alliance and Kanzhun said they had rectified their security issues and received the regulator’s consent to resume new user registrations.

The draft rules are designed to bolster a data security law implemented last year September, which requires all companies in China to classify the data they handle into several categories and governs how such data is stored and transferred to other parties.

Organisations must also receive approval for cross-border transfer of core data and important data via a special mechanism, the law states. US News