China Calls for Security Reviews of Companies Seeking to Export User Data, Telecom News, ET Telecom
The Chinese Cyberspace Administration (CAC) said in a statement that the security review requirement would also apply to companies if their data is collected and generated by operators of “critical information infrastructure”, or whether the data to be sent abroad contains “important data” information.
Companies that have already sent abroad, or intend to send abroad, the personal information of more than 100,000 users or the “sensitive” personal information belonging to 10,000 users, would also be bound by the requirement, he said.
The proposed measures, which are open for public scrutiny until Nov. 28, come as Beijing tightens its grip on Chinese companies and the vast treasuries of data they control. It has adopted new laws on data security and the protection of personal information.
In July, the ACC also proposed that companies with more than one million users report to the regulator for a safety review before listing their shares overseas, just days after the public offering was suspended. carpool giant Didi Chuxing for alleged data breach.
Last month, China’s Ministry of Industry released draft rules to strengthen its new data security law, including definitions of what it considered “essential” and “important” data, for which cross-border transfers must be approved.
The ACC also detailed on Friday what documents organizations had to submit, and said the security review should be completed in most cases within 45 days, but under “complicated circumstances” could take up to 60 days. days.
A successful security examination would have a validity period of two years, but factors such as “changes in the legal environment of the country or region where the recipient is located abroad” could prompt a re-examination, according to the draft rules.