Hello privacy pros. Happy Chinese New Year to all who are observing the Lunar Spring Festival. Wishing you and your loved ones a healthy, happy, prosperous and successful Year of the Dragon.
According to the Chinese zodiac, the Dragon is a special creature symbolizing power, nobility, luck and success. Thus, the Year of the Dragon is forecast to be auspicious, bringing opportunities, energy and changes.
In line with this upbeat mood, we anticipate privacy pros to embark on a dragon ride and prepare for significant developments in China's cross-border data transfer scheme in the coming weeks and months.
At a press conference by the State Council of the People's Republic of China, senior governmental officials revealed the long-awaited regulations on promoting cross-border data transfers are nearing finalization and adoption. China's top data regulator, the Cyberspace Administration of China, is refining the draft regulations in preparation for their release. Once implemented, businesses stand to benefit from some relaxations, as certain cross-border data transfer scenarios will be exempt from current legal mechanisms or may undergo a less cumbersome and time-consuming process.
In addition to the positive message conveyed by the central government, local governmental authorities in various Free Trade Zones in China are exploring solutions to effectively balance the promotion of the digital economy with addressing data security concerns.
How to identify important data has been a significant pain point for international companies. Leading the charge, Shanghai Lingang Free Trade Zone announced 19 Jan. its intention to finalize and publish the catalog for important data and generic data by the end of March. Priority sectors identified include mobility, financial services, high-end shipping, biology and pharmaceuticals, and international trade. Specific business scenarios, such as automobile research and development, market intelligence research, internal operational management in financial services, and clinical trials and pharmacovigilance, are expected to receive further relaxations on cross-border data transfers.
Following Shanghai's lead, Tianjin Free Trade Zone issued its own data classification guidelines to streamline international data transfers. Compared to Shanghai's measures, Tianjin's guidelines offer more detailed guidance by categorizing different industry sectors. A notable breakthrough, the Tianjin guidelines specify the following personal information will be deemed important data if it meets certain thresholds: personal information of over 10 million individuals, sensitive personal information of over 1 million individuals, or personal bank/insurance account information and personal diagnosis information of over 100,000 individuals. These thresholds are 10 times higher than those set in China's Personal Information Protection Law and other CAC regulations.
Additional authorities in other Free Trade Zones in China are anticipated to follow suit, making it exciting to closely monitor subsequent developments.
On the judicial front, Chinese courts recently issued interesting rulings regarding artificial intelligence and data scraping cases. Due to the length of this note, further discussions on those topics will be deferred to another APAC edition. Stay tuned.
Until next time.