Industry associations critical of China’s draft Standard Contractual Clauses
A group of industry associations from Europe, the US, Africa, Japan and specific sectors has issued a joint letter on 28 July recommending the revision of China’s draft Standard Contract Provisions for international data transfers. They ask for these contract provisions to be revised to align more closely with EU GDPR SCCs, which cover a broader range of transfer scenarios and contractual relationships.
The industry associations stress that the provisions should afford equal treatment to Chinese and foreign enterprises, services, and technologies.
China’s draft clauses, in their current form, would not be applicable to the largest businesses. The global industries say that the conditions for disqualifying companies from using SCCs need further study. For example, the thresholds required for Cyberspace Administration of China (CAC) security assessments are so low (representing transfers covering 0.07% (1 million people) and 0.0007% (10,000 people) of China’s population of 1.4 billion people over a 12-24 month period), that most international companies will be unable to rely on standard contracts.
Other factors mentioned in the letter include:
1. The need to refine transfer impact assessment procedures
2. A request that parties may tailor the language of contracts to specific circumstances
3. The importance of re-evaluating thresholds for updating contracts.
The letter summarises its position stating “The numerous departures in the Standard Contract Provisions from prevailing international practice would likely prevent many companies from relying on the Provisions, negatively impacting Chinese and foreign enterprises alike without improving the privacy and security of the personal information of Chinese citizens.”
See: The full industry letter, and Notice of the Cyberspace Administration of China on Public Solicitation of Comments on the "Standard Contract Provisions for the Exit of Personal Information (Draft for Comment)" (in Chinese)
Also, read an analysis of the proposed SCCs by Professor Graham Greenleaf in Privacy Laws & Business International Report, August 2022. Go here to subscribe.