The Cyberspace Administration of China (CAC) said that rules requiring data exports to undergo security reviews would take effect from Sept. 1. The rules will affect hundreds, if not thousands, of Chinese companies.
The mandatory security review will be used to determine whether large quantities of Chinese user data in the possession of a private entity can be sent overseas. The details of the procedure were published on the regulator's official WeChat account, Reuters reported.
An important detail was added to the security review rules. Companies or entities that have since Jan. 1 of last year sent abroad the personal information of 100,000 or more users, or "sensitive" personal information belonging to 10,000 or more users, would also have to undergo the CAC security review.
Previously it was unknown from which date the CAC would measure the size of companies and entities' user data troves.
Clarifying the specific provisions of the data export security review is necessary "to promote the healthy development of the digital economy, prevent and resolve cross-border data security risks, safeguard national security and the societal and public interest," CAC said in a statement.
The CAC launced cybersecurity reviews into Chinese companies Full Truck Alliance, Kanzhun Ltd, and ride-hailing giant Didi Global in July last year. The regulator required the companies to stop registering new users, citing national security and the public interest factors.
Last week, Full Truck Alliance and Kanzhun announced the resumption of new user registration and said they had "rectified" the issues identified by the CAC's probe. Didi has not yet made such an announcement.
