State interests, not company priorities, determine 'important data,' Chinese official says
06 Jan 2020 12:00 am by Xu Yuan
Data referred to as "important" under China's data-protection regime, which is subject to scrutiny before being exported, is evaluated against its importance to the country, not its importance to businesses or individuals, a Chinese cybersecurity official said.
"The important data [as required by the law] is important data for a country, and not for companies or individuals," Liang Bo, director of the Cybersecurity Coordination Bureau of the Cyberspace Administration, told a data conference in Zhuhai.
China's Cybersecurity Law, which came into effect in June 2017, requires localization of personal information and important data collected by operators of critical information infrastructure and security reviews to be carried out for any export.
Liang's remarks are in response to companies' concerns on whether data collected from the operation of multinational companies could be categorized as important data.
In the draft Data Security Management Regulations published last May, important data is defined as data that, if leaked, could directly affect national security, economic security, social stability, public health and security.
Important data doesn't include information relating to companies' internal production, operation or management, or personal data, according to the May draft.
Liang said data can be exported from China if it doesn't impose harm to national security or social interest and personal data involved is property protected.
The Cyberspace Administration, China's Internet regulator, published draft regulations for exporting personal data in June 2019. The regulator is currently drafting similar regulations for important data.
The official said that in drafting the regulations, the regulator had consulted international experiences, including the APEC Cross-Border Privacy Rules and the EU's General Data Protection Regulation.
The regulator has also taken into consideration the demand for cross-border data flows in globalization and sought to balance the relationship between cross-border data flows and data security management, according to Liang.
"We have received a large amount of feedback from both domestic and foreign businesses, experts and government departments," Liang said. "We are currently digesting and revising [the draft]."
14 Oct 2020 12:55 am by Jet Damazo-SantosAfter the Philippine privacy regulator issued another harsh warning against privacy violations, members of a data protection group began raising questions.
09 Oct 2020 9:17 pm by Jakub KrupaThe UK already had a high wall to climb for it to win an adequacy decision that will let it continue data flows to the EU after Brexit.
02 Oct 2020 11:00 am by Amy MillerCanadian tech companies will soon be subject to tougher privacy laws as lawmakers face intense pressure to keep pace with European privacy standards.