Beijing CAC Approved the First China SCC Filing
By Amigo L. Xie, Lingjun Zhang, and Dan Wu
About four months after the Cyberspace Administration of China (CAC) released the Measures for the Standard Contract for the Export of Personal Data from China (China SCC Measures), and 15 working days after the China SCC Measures became effective, Beijing CAC published a notice announcing that a Beijing-based company passed the first-ever China SCC filing on 25 June 2023 (Notice).
Based on the Notice, the first China SCC filing relates to a cross-border personal data transfer from a Beijing-based data exporter, an online data service provider, to a Hong Kong-based data recipient. The type of data exported by the Beijing-based data exporter is personal data related to credit references as disclosed by the Notice.
The completion of the first-ever China SCC filing conveyed some positive messages to the market:
- First, the completion of the filing clarified the legal way to transfer this kind of sensitive personal data from China. Under the Administrative Measures for Credit Reporting Business, personal credit data collected within the territory of China must be stored in China (as a general rule), and any cross-border transfer of such personal data shall be made in accordance with applicable Chinese laws and regulations. However, the administrative measures are silent on the legal way to transmit such sensitive personal data outside of China. The completion of the first China SCC filing clarified that China SCC filing could be one legal way to export this type of sensitive personal data from China.
- Second, Beijing CAC has been spearheading the implementation of the cross-border data transfer mechanisms with a balanced approach to facilitate personal data cross-border flow while protecting data security. Of all the cities in China, Beijing CAC announced the first positive CAC security assessment case and accepted the first-ever China SCC filing. Compared to about four months to approve the first CAC security assessment case after the CAC Security Assessment Guideline was issued, Beijing CAC obviously took far less time in reviewing the China SCC filing as this first SCC filing was completed just 15 working days after the China SCC Measures took effect.
The swift approval mechanism highlights Chinese regulators’ willingness to support the cross-border personal data flow and provide for legal certainty for Chinese and foreign entities.