Since the enactment of the Personal Information Protection Law (PIPL), enterprises anticipate that this new law may provide a solution to legitimize the cross-border transfer of personal information.
According to item 2 of Article 38 of the PIPL, when a controller needs to transfer personal information outside of China, it may choose to obtain an personal information protection certification issued by a professional institution in accordance with the relevant requirements set by the Cyberspace Administration of China.
Who are the relevant service providers in China? If so, are they qualified to meet Article 38 of the PIPL as personal data protection certification service providers? What is the scope of this draft standard and what are its requirements?
According to Zhang Beibei and Isabelle Doyon from our Shanghai office, a draft national standard released in late April 2022 provides some guidance.
