Cyberspace Photo:VCG

Cyberspace Administration of China (CAC) is seeking public comments on new rule of cross-border flow of personal information, drawing boundaries for domestic handlers of personal information and stipulating responsibilities in guarding national security.

The new measures are formulated in order to facilitate the outbound flow of personal information, standardize the procedure in protection and certification of personal information outbound, ensure the protection of personal information rights and interests, and promote the efficient, convenient and safe cross-border flow of personal information, according to a release posted on the CAC website on Friday.

The new regulation aligns with the Personal Information Protection Law, Regulations on Network Data Security Management, and Regulations on Certification and Accreditation and other laws and regulations.

The new regulation will govern the transfer of personal information data collected from within China to overseas destinations, the downloading and accessing of personal information stored within China by overseas institutions and individuals, and the overseas processing of personal information data in China.

Non-critical information infrastructure operators and information handlers that transfer between 100,000 and 1 million pieces of personal information overseas, or transfer fewer than 10,000 pieces of sensitive personal information will be subject to the new rule.

The new rule also requires professional certification and accreditation institutions complete the filing and documentation process with the CAC.

The new rule requires professional certification institutions to promptly report to the CAC and relevant departments if they discover outbound personal information activities that threaten national security, public interests, or significantly impact personal information rights and interests while conducting certification activities.

The proposed regulation mandates that government departments involved in protecting personal information, certification institutions and their employees to strictly observe the law, maintain personal privacy, personal information, trade secrets, confidential business information learned in the performance of duties confidential, and take measures to ensure that relevant data is neither disclosed nor illegally used or provided to others.

The deadline for submitting input is set at February 3, according to the CAC.