
Since China’s Personal Information Protection Law (PIPL) took effect in 2021, companies doing business in mainland China have questioned what is required of them when transferring personal information in and out of the country. Taft pondered this very question in our earlier blog post, ‘Data Transfers and Beyond: China Moves Closer to Finalizing Draft Provisions Permitting the Transfer of Personal Data Abroad.’ Last month, the Cyberspace Administration of China (CAC) provided its long-awaited answer, by issuing its final version of the measures of the standard contact for cross-border transfer of personal information (Final Measures), along with a standard contractual clauses equivalent (PIPL SCCs). Similar to the EU SCCs or UK international data transfer agreement (IDTA), the PIPL SCCs allow companies to freely import and export data from China. Here is what companies should know about this new Chinese transfer mechanism:Continue Reading The Wait is Over: Cyberspace Administration of China Releases Model Contract for Data Transfers