23 Aug 2023 China Legal Update – August 23, 2023
1. FDI: Cross-border Trade and Investment Facilitated
On July 24, State Administration of Foreign Exchanges (hereafter “SAFE”) released a draft on measures to promote cross-border trade and investment(“Draft”) for public opinions and comments.
The Draft includes ten measures as follows:
- Expand pilots on facilitation of trade and foreign exchange payments;
- Cancel the restrictions on capital of non-investment foreign-invested enterprises investing in domestic equity;
- Expand pilots on facilitation of capital account income payments;
- Loosen the restrictions on the use of foreign exchange funds settlement for capital projects;
- Simplify the trade receipt and payment procedures for small and micro cross-border e-commerce enterprises;
- Reform the registration and management system of enterprises’ foreign debt;
- Cancel the restrictions on the number of foreign exchange accounts opened for capital projects;
- Optimize the reporting of foreign exchange operations for trade in goods;
- Liberalize the opening of accounts for verification of export revenues;
- Facilitate the registration of enterprise branch directory.
2. HR: Participation of Foreigners Employed in China in Social Insurance
On August 3, Ministry of Human Resources and Social Security of People’s Republic of China (hereafter “MOHRSS”) released a draft on interim measures for the social insurance for the foreigners employed in China (“Draft”) for public opinions and comments.
The Draft provides three methods for foreigners employed in China to obtain the certification of social insurance qualification. They can choose to conduct the online certification through “China Consular”, “Zhangshang 12333” or “e-Social Security Card” APPs, provide the survival certificate issued by the Chinese embassy or consulate abroad, or provide the survival certificate notarized and certified by the relevant institution in the country of residence and legalized by the Chinese embassy or consulate abroad.
The difference between the second method and the third method is whether the foreigner is from a country that is member of the Convention Abolishing the Requirement of Legalisation for Foreign Public Documents (see our publication on Apostille Convention). If the foreigner residing in a country that is a party to the Convention like France, the consular legalization of the foreign public documents will be exempted.
3. Personal Information: Data processors should be requested to conduct compliance audit
On August 3, Cyberspace Administration of China (hereafter “CAC”) issued a Draft on Administrative Measures of Compliance Audit on Personal Information Protection (“Draft”) for public opinions and comments to strengthen the protection of personal information.
The Draft requires all entities processing personal information to conduct compliance audit. For those processing over 1 million personal information, they should conduct the audit annually, and at least once every two years for other entities. CAC may also require a personal information processor to conduct compliance audit if there is a security incident or relatively high risks in the processing activities.
The Draft states that the processor may conduct the audit itself or through professional institutions. The list of professional institutions shall be issued by CAC, the public security authority and other related authorities, which is estimated to be released soon. However, there is no accurate date. If the audit is requested by CAC, the processor cannot conduct the audit itself, but through a professional institution and must complete the audit within 90 working days.
The points of the compliance audit include five aspects:
- Details of personal information processing activities, e.g., the legal basis for processing, disclosure and notification of processing procedure, joint processing and entrusted processing of personal information, automated decision-making, collection of personal profile, processing of published personal information or sensitive personal information, and collection of minors’ personal information;
- Cross-border data transfer;
- Protection measures for the rights of the information subjects;
- Internal policies and security measures of the processor; and
- Large-scale internet platform operators’ personal information processing activities and the implementation of their special protection measures.
The Draft also provides that the processor may be subject to administrative penalties or even criminal liabilities if it fails to conduct the compliance audit.