In the June edition of GC Agenda China (subscription required), Morrison & Foerster partner Paul McKenzie shared his opinions on the draft Measures on Security Assessments of Cross-border Transfers of Personal Information circulated by Cyberspace Administration of China (CAC).
According to Mr. McKenzie: “Clearly, the CAC's thinking has evolved significantly since it circulated the prior draft of the measures in 2017. The CAC has given itself a much more central role in policing cross-border data transfers, requiring network operators to obtain a security assessment from the local CAC branch for all cross-border data transfers and leaving no room for self-assessment for certain types of transfer. The CAC is also seeking to regulate companies outside China collecting data of local users, in an ambitious broadening of the geographic scope of the 2016 CSL itself. They can expect lots of comments on the new draft.”