Since China’s Personal Information Protection Law (PIPL) took effect in 2021, companies doing business in mainland China have questioned what is required of them when transferring personal information in and out of the country. Taft pondered this very question in our earlier blog post, ‘Data Transfers and Beyond: China Moves Closer to Finalizing Draft Provisions Permitting the Transfer of Personal Data Abroad.’ Last month, the Cyberspace Administration of China (CAC) provided its long-awaited answer, by issuing its final version of the measures of the standard contact for cross-border transfer of personal information (Final Measures), along with a standard contractual clauses equivalent (PIPL SCCs). Similar to the EU SCCs or UK international data transfer agreement (IDTA), the PIPL SCCs allow companies to freely import and export data from China. Here is what companies should know about this new Chinese transfer mechanism:Continue Reading The Wait is Over: Cyberspace Administration of China Releases Model Contract for Data Transfers
Data Transfers and Beyond: China Moves Closer to Finalizing Draft Provisions Permitting the Transfer of Personal Data Abroad
In the past year, we have seen an increase in the number of countries developing/updating legal frameworks (such as model agreements) that permit the transfer of personal data abroad. Transfer mechanisms, such as the model agreements, are necessary because different countries’ data protection laws may offer different levels of protection to individuals’ personal data. Transfer mechanisms function as an “equalizer” by requiring a base level of protection that all entities must have in place when transferring personal data abroad. Accordingly, transfer mechanisms ensure that protections are in place to safeguard data that leaves a country with strong data protection laws to be transferred to a country that has no such laws. Last June, the European Commission updated its Standard Contractual Clauses (“EU SCCs”) permitting the transfer of data outside the European Economic Area (“EEA”) after a decade. Earlier this year the United Kingdom implemented the UK’s version of transfer clauses with the International Data Transfer Agreement (“UK IDTA”). Like Europe and the United Kingdom, China also has some transfer mechanisms in the works.
Continue Reading Data Transfers and Beyond: China Moves Closer to Finalizing Draft Provisions Permitting the Transfer of Personal Data Abroad