Photo of Xuezi Dan

Xuezi Dan

Subscribe to Xuezi Dan's Posts

Xuezi Dan is an associate in the Beijing office of Covington and Burling LLP. Her practice focuses on data privacy and cybersecurity. Xuezi helps clients understand and navigate the increasingly complex privacy regulatory issues in China. She has worked closely with many leading international companies on matters ranging from cross-border data transfer, data localization, data protection program, and cybersecurity regulatory compliance.

Contact: Email

On March 7, 2023, during the annual National People’s Congress (“NPC”) sessions, China’s State Council revealed its plan to establish a National Data Bureau (NDB) as part of a broader reorganization of government agencies. The plan is being deliberated by the NPC and is expected to be finalized soon. 

According to the draft plan, the new National Data Bureau will be a deputy ministry-level agency under the National Development and Reform Commission (“NDRC”), China’s main economic planning agency that is in charge of industrial policies.  The new bureau will be responsible for, among other areas, “coordinating the integration, sharing, development, and utilization of data resources,” and “pushing forward the planning and building of a Digital China, a digital economy, and a digital society.” 

The plan specifies the new agency will take over certain portfolios currently managed by the Communist Party’s Central Cyberspace Affairs Commission (the party organ that supervises the Cyberspace Administration of China, “CAC”) and the NDRC. Specifically, the NDB will assume responsibility for “coordinating the development, utilization, and sharing of important national data resources, and promoting the exchange of data resources across industries and across departments,” a function currently performed by CAC.  The NDB will also absorb the NDRC teams responsible for promoting the development of the digital economy and implementing the national “big data” strategy.

Continue Reading China Reveals Plan to Establish a National Data Bureau

In addition to the two developments we reported on in our last blog post, on July 7, 2022, the long-waited, final version of the Measures for Security Assessment of Cross-border Data Transfer (《数据出境安全评估办法》, “Measures”) were released by the Cyberspace Administration of China (“CAC”).  With a very tight implementation schedule, the

After more than seven months since China’s Personal Information Protection Law (《个人信息保护法》, “PIPL”) went into effect, Chinese regulators have issued several new (draft) rules over the past few days to implement the cross-border data transfer requirements of the PIPL.  In particular, Article 38 of the PIPL sets out three legal mechanisms for lawful transfers of personal information outside of China, namely: (i) successful completion of a government-led security assessment, (ii) obtaining certification under a government-authorized certification scheme, or (iii) implementing a standard contract with the party(-ies) outside of China receiving the data.  The most recent developments in relation to these mechanisms concern the standard contract and certification.

Chinese Government Issues Draft SCCs

On June 30, 2022, the Cyberspace Administration of China (“CAC”) released draft Provisions on the Standard Contract for the Cross-border Transfers of Personal Information (《个人信息出境标准合同规定(征求意见稿)》, “Draft Provisions”) for public consultation.  The full text of the Draft Provisions can be found here (currently available only in Mandarin Chinese).  The public consultation will end on July 29, 2022.

Continue Reading Cross-border Data Transfer Developments in China