Moving data out of China may be subject to a security review

Entities who want to provide data abroad may go through an internal security review and, on some occasions, will be subject to a government review, according to a draft regulation released by the Cyberspace Administration of China (CAC). This was reported by The Xinhua News Agency.

"The draft regulation was released to solicit public opinions", – the CAC statement said.

"An internal security review should go through the amount, range, variety and confidentiality of data to be provided overseas and assess the risks that such a move may pose on state and public interests and legal rights and interests of individuals and organizations", – the document said.

"Whether the data will be transmitted safely without damage and leakage should also be reviewed", – it added.

If the data is collected from major IT infrastructure projects in China or the collector operates a data bank containing the personal information of 1 million individuals or more, the security review should be submitted to the CAC.

The document said that the CAC will also go through a security review of sharing abroad personal information of 100,000 individuals or more.