Asia IP Quotes Katherine Wang on China’s New Data Privacy Laws and Cross-Border Data Transfer Regulations

In February 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures for the Standard Contract for the Cross-Border Transfer of Personal Information, along with the Standard Contractual Clauses (SCCs), a model contract for transfers of personal information out of China that do not require security assessment under China’s Personal Information Protection Law (PIPL). In a March 16 article published by Asia IP on this development, life sciences partner Katherine Wang (Shanghai) commented on how the new data privacy laws and cross-border data transfer regulations pertain to life science companies.

“Many life sciences companies routinely process clinical study data and personal information of healthcare professionals in China,” said Katherine. “The clinical study data will typically be consolidated at a central server outside China. Clinical study data is de-identified personal information and is subject to China’s data privacy law and cross-border data transfer regulation. If the amount of clinical study data exceeds the statutory threshold, these life sciences companies will undergo a security review by the CAC. In addition to the life sciences sector, the other sector that will be heavily impacted by the data privacy law is the technology, media & telecom sector.”

Katherine closed by advising that “Companies will need to assess if they are subject to the security review for cross-border data transfer, establish processes and policies for the protection of personal information, and appoint responsible personnel for cybersecurity and data privacy compliance.”