Authored by: Richard Mazzochi , Minny Siu , Andrew Fei , Yu Leimin and Luan Jianqi (Maggie)
The Cyberspace Administration of China (CAC) recently published a welcomed set of proposed rules that promote cross-border transfers of personal information. The proposed rules introduce important exemptions from the requirement to go through the mandatory transfer mechanisms (i.e., security assessment, personal information protection certification or standard contract clauses filing) under the PRC Personal Information Protection Law (PIPL) in order to transfer personal information to a recipient outside the territory of the PRC.*
The proposed rules signify an important shift in the CAC’s approach to cross-border data transfers and have the potential to significantly reduce the compliance burden for international financial institutions and further enhance the business environment for multinational companies operating in the PRC.