State interests, not company priorities, determine 'important data,' Chinese official says
06 Jan 2020 12:00 am by Xu Yuan
Data referred to as "important" under China's data-protection regime, which is subject to scrutiny before being exported, is evaluated against its importance to the country, not its importance to businesses or individuals, a Chinese cybersecurity official said.
"The important data [as required by the law] is important data for a country, and not for companies or individuals," Liang Bo, director of the Cybersecurity Coordination Bureau of the Cyberspace Administration, told a data conference in Zhuhai.
China's Cybersecurity Law, which came into effect in June 2017, requires localization of personal information and important data collected by operators of critical information infrastructure and security reviews to be carried out for any export.
Liang's remarks are in response to companies' concerns on whether data collected from the operation of multinational companies could be categorized as important data.
In the draft Data Security Management Regulations published last May, important data is defined as data that, if leaked, could directly affect national security, economic security, social stability, public health and security.
Important data doesn't include information relating to companies' internal production, operation or management, or personal data, according to the May draft.
Liang said data can be exported from China if it doesn't impose harm to national security or social interest and personal data involved is property protected.
The Cyberspace Administration, China's Internet regulator, published draft regulations for exporting personal data in June 2019. The regulator is currently drafting similar regulations for important data.
The official said that in drafting the regulations, the regulator had consulted international experiences, including the APEC Cross-Border Privacy Rules and the EU's General Data Protection Regulation.
The regulator has also taken into consideration the demand for cross-border data flows in globalization and sought to balance the relationship between cross-border data flows and data security management, according to Liang.
"We have received a large amount of feedback from both domestic and foreign businesses, experts and government departments," Liang said. "We are currently digesting and revising [the draft]."
TikTok may be able to escape its current dispute with the US, but the video-sharing app will still be facing regulatory headwinds around the globe.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.