Redian新闻
>
英译本 |《规范和促进数据跨境流动规定(征求意见稿)》

英译本 |《规范和促进数据跨境流动规定(征求意见稿)》

公众号新闻

个人信息保护合规审计暨大数据工程师双证上海

时间2023年10月底(周末两天)

地点:上海交大附近,广州、北京同步招生

联系手机(朱老师 )138 1664 6268;微信(徐博士) heguilvshi


来源:数据何规
译者:一名医疗行业的数据合规螺丝钉

十一假期前的最后一个工作日,网信办给了一个数据跨境大礼包,详见:国家互联网信息办公室关于《规范和促进数据跨境流动规定(征求意见稿)》公开征求意见的通知。

分享一个双语版,供参考,祝中秋国庆快乐!

感谢译者:一名医疗行业的数据合规螺丝钉。


规范和促进数据跨境流动规定

(征求意见稿)
Provisions on Regulating and Facilitating Cross border Flow of Data
(Draft for Public Consultation)


为保障国家数据安全,保护个人信息权益,进一步规范和促进数据依法有序自由流动,依据有关法律,对《数据出境安全评估办法》、《个人信息出境标准合同办法》等数据出境规定的施行,作出以下规定。


In order to safeguard national data security, protect the rights and interests of personal information, further regulate and promote the free flow of data in an orderly and lawful manner, and in accordance with the relevant laws, the following provisions (hereinafter referred to as the “Provisions”) are made for the implementation of the data export regulations including the Measures for Security Assessment on Cross-border Data Transfer and the Measures for the Standard Contract for Cross-border Transfer of Personal Information.


一、国际贸易、学术合作、跨国生产制造和市场营销等活动中产生的数据出境,不包含个人信息或者重要数据的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

1. Where data generated and exported in international trade, academic cooperation, multinational manufacturing and marketing activities do not contain personal information or important data, it is not necessary to apply for security assessment on cross-border data transfer, enter into a standard contract for the cross-border transfer of personal information, or obtain a personal information protection certification.


二、未被相关部门、地区告知或者公开发布为重要数据的,数据处理者不需要作为重要数据申报数据出境安全评估。
2. If the data has not been notified or publicly released as important data by relevant departments or regions, local data handlers are not required to apply for security assessment on cross-border transfer of important data.


三、不是在境内收集产生的个人信息向境外提供,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。
3. If personal information which was not collected or generated within the territory is provided overseas, local data handlers are not required to apply for security assessment on cross-border data transfer, enter into a standard contract for the cross-border transfer of personal information, or obtain a personal information protection certification.


四、符合以下情形之一的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证:
4. Where one of the following circumstances is met, there is no need to apply for security assessment on cross-border data transfer, enter into a standard contract for the cross-border transfer of personal information, or obtain a personal information protection certification;


(一) 为订立、履行个人作为一方当事人的合同所必需,如跨境购物、跨境汇款、机票酒店预订、签证办理等,必须向境外提供个人信息的;

(1)Where personal information must be provided across the border for the purpose of entering into and performing contracts to which the individual is a party, such as cross-border shopping, cross-border remittance, air ticket and hotel booking, and visa applications;


(二) 按照依法制定的劳动规章制度和依法签订的集体合同实施人力资源管理,必须向境外提供内部员工个人信息的;

(2)Where personal information of internal employees must be provided across the border in order to implement human resources management on the basis of labor regulations formulated in accordance with the law and collective contracts signed in accordance with the law;


(三) 紧急情况下为保护自然人的生命健康和财产安全等,必须向境外提供个人信息的。

Where personal information must be provided across the border in order to protect the life, health and property safety of natural persons, etc., in an emergency situation.


五、预计一年内向境外提供不满1万人个人信息的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。
5. If it is expected that less than 10,000 natural person s’ personal information will be provided across the border within one year, there is no need to apply for safety assessment on cross border data transfer, enter into a standard contract for the cross border transfer of personal information, or pass a certification for the protection of personal information. However, where personal information is provided overseas on the basis of individual consent, the consent of the data subject shall still be obtained.


六、预计一年内向境外提供1万人以上、不满100万人个人信息,与境外接收方订立个人信息出境标准合同并向省级网信部门备案或者通过个人信息保护认证的,可以不申报数据出境安全评估;向境外提供100万人以上个人信息的,应当申报数据出境安全评估。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。

6. If it is expected that personal information of more than 10,000 but less than 1 million natural persons will be provided across the border within one year, local data handlers is not required to apply for security assessment on cross border data transfer , but shall enter into a standard contract for the cross border transfer of personal information with the overseas recipient and apply for record filing of such standard contract with the cyberspace administration at the provincial level or o btain a personal information protection certification; where personal information of more than 1 million natural persons is provided across the border , local data handers shall apply for security assessment on cross border data transfer. However, where personal information is provided overseas on the basis of individual consent, the consent of the data subject shall still be obtained.

七、自由贸易试验区可自行制定本自贸区需要纳入数据出境安全评估、个人信息出境标准合同、个人信息保护认证管理范围的数据清单(以下简称负面清单),报经省级网络安全和信息化委员会批准后,报国家网信部门备案。
负面清单外数据出境,可以不申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。
7.The Pilot free trade zone may on its own formulate a l ist of data (hereinafter referred to as the Negative List that need to be included in the scope of security assessment on  ross border data transfer, a standard contract for the cross border transfer of personal information, or a personal information protection certification , and submit the Negative List for the app roval by the cyberspace affairs commission at provincial level. After the above approval has been obtained, the Negative List shall be applied for record filing with the Central Cyberspace Administration of China.
Data excluded from the Negative List ca n be provided acr oss the border with no need to apply for security assessment on cross border data transfer , enter into a standard contract for the cross border transfer of personal information, or obtain a personal information protection certification.


八、国家机关和关键信息基础设施运营者向境外提供个人信息和重要数据的,依照有关法律、行政法规、部门规章规定执行。
向境外提供涉及党政军和涉密单位敏感信息、敏感个人信息的,依照有关法律、行政法规、部门规章规定执行。
8. State organs and critical information infrastructure operators which provide personal information and important data across the bor der shall do so in accordance wi th relevant laws, administrative regulations, and departmental rules.
The provision of sensitive information involving the Party, government, military and classified units and sensitive personal information across the border shall be carried out in accordance with relevant laws, administrative regulations, and departmental rules.


九、数据处理者向境外提供重要数据和个人信息,应当遵守法律、行政法规的规定,履行数据安全保护义务,保障数据出境安全;发生数据出境安全事件或者发现数据出境安全风险增大的,应当采取补救措施,及时向网信部门报告。
9. Local data handlers that provide important data and personal information outside the country shall comply with the provisions of laws and administrative regulations, fulfil their data security protection obligations and safeguard the security of the cross border transfer of data; in the event of a security incident in the data export or discovery of an increase in the security risk of the data export, remediation measures shall be taken and a report shall be made in a timely manner to cyberspace administration

十、各地方网信部门应当加强对数据处理者数据出境活动的指导监督,强化事前事中事后监管,发现数据出境活动存在较大风险或者发生安全事件的,要求数据处理者进行整改消除隐患;对拒不改正或者导致严重后果的,依法责令其停止数据出境活动,保障数据安全。
10. Cyberspace administration at the provincial or municipal level shall strengthen the guidance and supervision of local data handlers' data export activities, reinforce the supervision beforehand , during and after data export activities , and instruct local data handlers to carry out rectification to eliminate hidden dangers if a higher risk is de tected in data export activities or if a security incident occurs; and if local data handlers refuse to make corrections or bring about serious consequences, cyberspace administration at the provincial or municipal level shall order them to halt data export activities in accordance with relevant laws for safeguarding the data security.

十一、《数据出境安全评估办法》、《个人信息出境标准合同办法》等相关规定与本规定不一致的,按照本规定执行。
11.In the event there is any inconsistency between the Provisions and the rel evant provisions including the Measures for Security Assessment on Cross border Data Transfer and the Measures for the Standard Contract for Cross border Transfer of Personal Information , the Provisions shall be prevailing and implemented.


(Issued by Central Cyberspace Administration of China on Sep.28, 2023)



点击图片,立即购买GDPR高级班62讲
每天两块钱,实时获取全球数据合规风险预警
👇

微信扫码关注该文公众号作者

戳这里提交新闻线索和高质量文章给我们。
相关阅读
全文 |《工业和信息化领域数据安全风险评估实施细则(试行)》征求意见国家药监局综合司公开征求《麻醉药品和精神药品实验研究管理规定(征求意见稿)》意见艾莉森 博塔 - 被强奸和残杀后的生存奇迹国家药监局综合司公开征求《牙膏备案资料管理规定(征求意见稿)》意见规范人脸识别!国家网信办公开征求意见这样的开启方式?重磅全文 | 国家网信办《个人信息保护合规审计管理办法》公开征求意见国家药监局综合司公开征求《关于进一步加强医疗器械产品分类界定有关工作的通知》(征求意见稿)意见《电视剧、网络剧摄制组安全生产管理规定(试行)》出炉全文 | 国家标准《重要数据处理安全要求》征求意见人脸识别技术应用征求意见发布;微软推出最强生成式AI虚拟机;华为天才少年大模型创业丨AIGC大事日报全文 | 国家网信办《规范和促进数据跨境流动规定》公开征求意见“未成年人模式”,官方公开征求意见文旅部 公安部《关于进一步加强大型营业性演出活动规范管理促进演出市场健康有序发展的通知》全文 |《工业和信息化领域数据安全行政处罚裁量指引(试行)》征求意见【金融行业】自贸区将迎数据跨境探索创新机遇——评《规范和促进数据跨境流动规定(征求意见稿)》“红楼隐史”的视频正式上线了!含糖饮料健康提示标识的制作样式及设置规范向社会公开征求意见,欢迎您10月31日前反馈!“未成年人模式”要来了?国家网信办公开征求意见→【体育内参】广东省体育局关于公开征求《关于在全省大中小学校设置体育教练员岗位的实施细则(征求意见稿)》意见的公告《贵州省数据要素登记管理办法(试行)》公开征求意见国家网信办《移动互联网未成年人模式建设指南》公开征求意见数据跨境新规征求意见:降低合规成本,促进数据流动奇石女人《北京市外商投资条例》:建立数据跨境外企绿色通道与数据自由流动白名单华科成功首次验证合成了可以磁悬浮的LK-99晶体!重磅!《上市公司独立董事管理办法》与征求意见稿条款对照表上海市副市长:上海将加快建设更多联通国际的功能性平台,在跨境投资、数据跨境流动等方面先行先试《贵州省数据流通交易促进条例(草案)》征求意见全文 |《生成式人工智能服务内容标识要求》征求意见国家药监局综合司公开征求《化妆品检查管理办法(征求意见稿)》意见国家药监局综合司公开征求《药品网络交易第三方平台检查指导原则(征求意见稿)》意见国家药监局综合司公开征求《医疗器械网络销售质量管理规范(征求意见稿)》意见全文 |《网络安全标准实践指南—粤港澳大湾区跨境个人信息保护要求》公开征求意见国家药监局综合司公开征求《药品现代物流规范化建设的指导意见(征求意见稿)》意见
logo
联系我们隐私协议©2024 redian.news
Redian新闻
Redian.news刊载任何文章,不代表同意其说法或描述,仅为提供更多信息,也不构成任何建议。文章信息的合法性及真实性由其作者负责,与Redian.news及其运营公司无关。欢迎投稿,如发现稿件侵权,或作者不愿在本网发表文章,请版权拥有者通知本网处理。