Clifford Chance

China Finalises Standard Contract On Cross-Border Transfer Of Personal Information

3 March 2023

In recent years, China has developed its legal framework regulating data and personal information (PI) with the promulgation of the PRC Cybersecurity Law in 2016, the PRC Data Security Law in 2021 and the PRC Personal Information Protection Law (the PIPL) in 2021 (collectively, the PRC Data Laws). The PRC Data Laws set out the supervisory approach of PRC regulators to different data- and PI- related matters. One of the key focuses for multinational companies that are subject to the PRC Data Laws is compliance with PRC regulatory requirements on international transfer of PI (i.e., exporting and/or receiving China-sourced PI, including by way of remote access), given the potential widespread implications on their global business and data management systems.

On 24 February 2023, the Cyberspace Administration of China released the Measures on Standard Contract for Cross-Border Transfer of Personal Information and the finalised Standard Contract on Cross-border Transfer of Personal Information, which will take effect on 1 June 2023. The SCC Measures implement the requirements set out under Article 38(3) of the PIPL.
 

Download PDF

Related Papers

• New PRC Cyber-Security Law comes into Force
  2 June 2017
• PRC Data Security Law – A New Milestone in Data Legislation
  11 August 2021
• PRC Passes Milestone Legislation for Personal Information Protection
  10 September 2021