China's draft data localisation measures open for comment

On 11 April 2017 the Cyberspace Administration of China (the "CAC") published a circular calling for comments on its draft Security Assessment for Personal Information and Important Data Transmitted Outside of the People's Republic of China Measures (the "Draft Export Review Measures"). 

The passage of the People's Republic of China Cyber Security Law in November 2016 (the "Cyber Security Law") left many questions unanswered as to the practical scope and effect of this important new piece of legislation.  With less than two months to go before the implementation of the Cyber Security Law on 1 June, many outside observers were expecting to have seen a significant volume of implementing legislation demarcating boundaries around the expansive scope and intrusive nature of the Cyber Security Law.  For those familiar with China's typical approach to legislative drafting, in which implementing rules often see the light of day after the law comes into effect, the issuance of the Draft Export Review Measures at this time may come as a welcome development.

The main legislative purpose of the Draft Export Review Measures is to clarify the process and requirements relating to the data localisation requirements in the Cyber Security Law, one of the most controversial aspects of the law.  While the Draft Export Review Measures do add a significant level of implementing detail as to the practicalities of compliance, we expect that for many multi-national corporations ("MNCs") with operations in, or doing business with, China, the nature of the clarifications do not go in the direction that they would have wanted.

Please click here for the full article.

Download PDF Back To Listing
Loading data