On October 9, the Cyberspace Administration of China (CAC) drafted the Provisions on Regulating and Facilitating Cross-Border Data Flow (Draft for Comment) (the "Draft") and published it for public feedback. 

The Draft states that outbound transfers of data generated in international trade, academic cooperation, cross-border manufacturing and marketing activities, which do not contain personal information or important data, will not require applying for data transfer security assessment, establishing a standard contract for outbound cross-border transfer of personal information, or undergoing certification for the protection of personal information. According to the Draft, in cases where an outbound transfer of personal information is necessary for the purpose of entering into or performing a contract to which an individual is a party, such as cross-border shopping, cross-border remittance, air ticket or hotel booking, and visa application, or for protecting the life, health, and property safety of a natural person in cases of emergencies, it is not required to apply for a security assessment of outbound data transfer, establish a standard contract for outbound cross-border transfer of personal information, or undergo certification for the protection of personal information

(Source: Cyberspace Administration of China)