Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

China: TC260 issues Specification on Cross-Border Processing of Personal Information Certification

The National Information Security Standardisation Technical Committee of China ('TC260') issued, on 24 June 2022, its Practice Guidelines for Cybersecurity Standards - Technical Specification for the Certification of Cross-Border Processing of Personal Information, following public consultations. In particular, the TC260 confirmed that the practice guidelines propose basic principles and requirements for the security of cross-border processing of personal information, as well as the protection of the rights and interests of personal information subjects.

More specifically, the practice guidelines clarify that they provide policy and regulatory requirements in order to implement Article 38 of the Personal Information Protection Law ('PIPL'). In addition, the practice guidelines highlight that they apply to cross-border processing activities of personal information by multinational companies or the same economic or business entity, as well as activities of foreign personal information processors, as stipulated in Article 3(2) of the PIPL. Moreover, the practice guidelines establish principles, such as lawfulness, legitimacy, necessity, as well as good faith, and introduce requirements providing for legally binding agreements where an overseas recipient conducts data processing on behalf of a personal information processor. Furthermore, the practice guidelines provide organisational measures, rules for cross-border processing, and requirements for conducting a Data Protection Impact Assessment ('DPIA'), among other things.

You can read TC260 press release here and the practice guidelines here, both only available in Chinese.