China proposes relaxation of security reviews for most cross-border data flows, bringing relief for multinationals
- New proposal is aimed at ‘regulating and promoting legal, orderly and free flow of data’ and will bring relief for MNCs which had faced uncertainty
- Vast bulk of business and personal activity involving sending Chinese data abroad will no longer go through a security assessment by CAC
China’s cyberspace regulator, which imposed tough cross-border data security requirements a year ago creating uncertainties for multinationals, made a concession on Thursday by waiving security assessments for the bulk of day-to-day business activities involving these data flows.
According to the latest proposed regulation on cross-border data flows published by the Cyberspace Administration of China (CAC), the vast bulk of business and personal activity involving sending Chinese data abroad will no longer go through a security assessment by the cyberspace regulator, a move that is set to make life easier for multinationals with China operations.
According to the new proposal, on which public feedback is being solicited until October 15, exports of data generated by “trade, academic, cross-border manufacturing and marketing activities” will no longer be subject to a regulatory security assessment or personal information protection review. The new proposal is aimed at “regulating and promoting legal, orderly and free flow of data”.
Personal data filed in cross-border shopping, remittances, air ticket purchases, hotel bookings and visa processing can be exported without the need for a security assessment, making it easier for foreign retailers, banks and travel agencies to handle Chinese customer activity, while personal information relating to labour contracts can also be exported freely, making it easier for regional human resource departments to manage China-based staff.
Also, personal data exports pertaining to health and security will also be exempt from security checks and reviews, a clause that is set to help foreign insurance companies and healthcare institutions serve China-based clients, according to the regulation.
The proposed regulation comes at a time when Beijing is trying to turn a friendly face towards foreign investors and after China’s tough data security requirements threatened to deter foreign businesses from investing in the world’s second-largest economy.