State interests, not company priorities, determine 'important data,' Chinese official says
06 Jan 2020 12:34 pm by Xu Yuan
Data referred to as "important" under China's data-protection regime, which is subject to scrutiny before being exported, is evaluated against its importance to the country, not its importance to businesses or individuals, a Chinese cybersecurity official said.
"The important data [as required by the law] is important data for a country, and not for companies or individuals," Liang Bo, director of the Cybersecurity Coordination Bureau of the Cyberspace Administration, told a data conference in Zhuhai.
China's Cybersecurity Law, which came into effect in June 2017, requires localization of personal information and important data collected by operators of critical information infrastructure and security reviews to be carried out for any export.
Liang's remarks are in response to companies' concerns on whether data collected from the operation of multinational companies could be categorized as important data.
In the draft Data Security Management Regulations published last May, important data is defined as data that, if leaked, could directly affect national security, economic security, social stability, public health and security.
Important data doesn't include information relating to companies' internal production, operation or management, or personal data, according to the May draft.
Liang said data can be exported from China if it doesn't impose harm to national security or social interest and personal data involved is property protected.
The Cyberspace Administration, China's Internet regulator, published draft regulations for exporting personal data in June 2019. The regulator is currently drafting similar regulations for important data.
The official said that in drafting the regulations, the regulator had consulted international experiences, including the APEC Cross-Border Privacy Rules and the EU's General Data Protection Regulation.
The regulator has also taken into consideration the demand for cross-border data flows in globalization and sought to balance the relationship between cross-border data flows and data security management, according to Liang.
"We have received a large amount of feedback from both domestic and foreign businesses, experts and government departments," Liang said. "We are currently digesting and revising [the draft]."
Connecticut, New York, Florida and other US states are investigating whether Zoom, the videoconferencing platform that’s exploded in popularity during the Covid-19 pandemic, has violated any laws by failing to protect users’ privacy and secure its systems, the Connecticut attorney general announced.
02 Apr 2020 12:31 pm by Dave PereraEquifax faces a bill of slightly more than $2 billion to settle consumer complaints stemming from the credit reporting agency’s massive 2017 data breach.
01 Apr 2020 6:22 pm by Vesela GladichevaA landmark UK ruling freed Wm Morrison Supermarkets from indirect liability for a rogue employee's data leak — but still leaves the door open for future litigation targeting companies over accidental data disclosures by employees.