The Cyberspace Administration of China released the "Regulations on Promoting and Regulating Cross-Border Data Flows"

According to the official account of Netcom China, the Cyberspace Administration of China recently issued the "Regulations on Promoting and Regulating Cross-Border Data Flows." According to this regulation, it will take effect immediately from the date of publication.

The relevant person in charge of the Cyberspace Administration of China said that cross-border data flow has become the basis for the exchange and sharing of global capital, information, technology, talents, goods and other resource elements. In order to promote the orderly and free flow of data in accordance with the law, stimulate the value of data elements, and expand high-level opening up to the outside world, the "Regulations" optimize and adjust the data export systems such as data export security assessment, personal information export standard contract, and personal information protection certification.

The "Regulations" clarify the reporting standards for the security assessment of important data exports, and stipulate that data processors do not need to carry out important data processing if the relevant departments or regions have not clearly informed or publicly released the data as important data. Declaration of exit security assessment.

The "Regulations" stipulate the conditions for data export activities that are exempt from reporting data export security assessment, entering into a standard contract for personal information export, and passing personal information protection certification: First, international trade, cross-border transportation, academic cooperation, transnational The data collected and generated in activities such as manufacturing and marketing are provided overseas and do not contain personal information or important data; second, the personal information collected and generated overseas is transferred to the country for processing and then provided overseas, and no introduction is made during the processing. Domestic personal information or important data; third, it is necessary to provide personal information overseas in order to conclude and perform a contract to which the individual is a party; fourth, implement cross-border human resources in accordance with labor regulations and collective contracts signed in accordance with the law. management, it is really necessary to provide employees’ personal information overseas; fifth, in order to protect the life, health and property safety of natural persons, it is really necessary to provide personal information overseas; sixth, data processors other than critical information infrastructure operators Since January 1 of that year, the personal information of less than 100,000 people (excluding sensitive personal information) has been provided overseas.

The "Regulations" establish a negative list system for free trade pilot zones. It is proposed that within the framework of the national data classification and hierarchical protection system, the free trade pilot zone can formulate a negative list within the zone on its own, and after approval by the provincial network security and information technology committee, report it to the national cybersecurity and informatization department and the national data management department for filing. Data processors in the free trade pilot zone who provide data outside the negative list overseas are exempted from declaring a data export security assessment, entering into a standard contract for personal information export, and passing personal information protection certification.

The "Regulations" clarify the conditions for two types of data export activities that require data export security assessment. First, critical information infrastructure operators provide personal information or important data overseas; second, data processors other than critical information infrastructure operators provide important data overseas, or provide a total of 1 million to overseas since January 1 of that year. Personal information of more than 10,000 people (excluding sensitive personal information) or sensitive personal information of more than 10,000 people. In addition, it stipulates the conditions for data export activities to enter into a standard contract for personal information export or to pass personal information protection certification, that is, data processors other than critical information infrastructure operators have provided more than 100,000 people overseas since January 1 of that year. Personal information of less than 1 million people (excluding sensitive personal information) or sensitive personal information of less than 10,000 people.

The "Regulations" also clearly stipulates the validity period and extension application of data export security assessment, data security protection obligations, supervision and management responsibilities, etc., and also stipulates the application of other regulations on data export security management.

The above is the detailed content of The Cyberspace Administration of China released the "Regulations on Promoting and Regulating Cross-Border Data Flows". For more information, please follow other related articles on the PHP Chinese website!