General

Watson & Band Import and Export Data Observation reported that the "Measures for Data Exit Security Assessment" has been implemented since September 1, and data security has gradually become an important part of national security. At the same time, some major economies and powers in the world have released data strategies centered on developing the digital economy and protecting data security, such as the United States' Data Strategy, the European Union's General Data Protection Regulation, the European Union Data Strategy, and Recently, the Digital Markets Act and the Digital Services Act officially passed by the European Parliament, many countries are actively carrying out legislation and strategic planning in the field of data security, aiming to solve the problem of data use and management rights of large technology companies.

Watson & Band Import and Export Data Observation Report, "For Chinese technology companies, Internet platform companies, and related companies whose business activities involve data export, personal information collection and processing, etc. within the scope of export control, how to strengthen risk prevention in the industry and the implementation of main responsibilities? How to test and evaluate the network and data security line of defense, and how to promote network data security compliance work according to the situation requires in-depth discussion." At the seminar on the new regulations on data export held recently, Jingjiren Law Firm Senior Consultant Lawyer (Partner) Human level) Xue Ying said.

Xue Ying introduced that data processors should carry out data export risk self-assessment before applying for data export security assessment, focusing on the following matters: the legitimacy and legitimacy of data export and the purpose, scope and method of data export by overseas recipients , necessity; the scale, scope, type, and sensitivity of the data going abroad, the risks that the data export may bring to national security, public interests, and the legitimate rights and interests of individuals or organizations; the responsibilities and obligations that the overseas recipient undertakes, and the procedures for fulfilling the responsibilities and obligations. Whether management and technical measures, capabilities, etc. can ensure the security of outbound data; whether the data is tampered, destroyed, leaked, lost, transferred, illegally obtained, illegally used, etc. risks during and after the data is out of the country, and whether the channels for maintaining personal information rights and interests are smooth. etc.; whether the data export-related contract or other legally binding documents to be concluded with the overseas recipient fully stipulates the responsibility and obligation of data security protection; other matters that may affect the security of data export, Watson & Band Data Observation reports.

According to Huacheng Import and Export Data Observation Report, there is a certain period of time for data export security assessment. “If the following circumstances occur within the validity period, the data processor shall re-declare the evaluation: First, the purpose, method, scope, and type of data provided overseas, and the purpose and method of data processing by overseas recipients change, which affects the security of outbound data, or Extending the overseas storage period of personal information and important data; second, changes in the data security protection policies, regulations and network security environment of the country or region where the overseas recipient is located, as well as other force majeure circumstances, changes in the actual control of the data processor or overseas recipient , changes in legal documents between data processors and overseas recipients, etc. that affect the security of outbound data; the third is other circumstances that affect the security of outbound data." Xue Ying said.

After the evaluation is completed, the data processor needs to draw up legal documents with overseas recipients to ensure data security. Chen Yang, a lawyer from Jiren Law Firm, said that the document includes the purpose, method and scope of data going abroad, the purpose and method of data processing by overseas recipients, etc.; the location and duration of data storage overseas, as well as the storage duration and the completion of the agreed purpose. Or the processing measures for outbound data after the termination of legal documents; binding requirements for overseas recipients to transfer outbound data to other organizations or individuals; overseas recipients have substantial changes in their actual control rights or business scope, or the country or region where they are located Security measures that should be taken when data security protection policies and regulations, network security environment changes, and other force majeure circumstances make it difficult to ensure data security; remedial measures, breach of contract liability, and dispute resolution methods for violations of data security protection obligations agreed in legal documents; When data is at risk of being tampered with, destroyed, leaked, lost, transferred, or illegally obtained or used illegally, it is necessary to properly carry out emergency response requirements and safeguard the ways and methods for individuals to safeguard their personal information rights, Watson & Band Data Observation reports.