China’s new data protection law has perhaps the strictest rules on international data transfers of any in the world.
Businesses must use one of four cross-border transfer mechanisms, ensure that exported data will be processed in accordance with Chinese law, provide notice to the individual whose data is being transferred, and seek the individual’s opt-in consent.
Meeting these legal requirements will be a huge challenge for any business operating in China from abroad. For example, what happens if an individual refuses consent? Is storing data locally within China the only solution? Or would even data localisation be insufficient for some foreign companies?
International data transfers are a legal minefield. PrivSec China will provide an in-depth analysis of how China’s new rules work and how they compare to existing transfer frameworks in other jurisdictions such as the EU.