As China imposes stricter data reviews rules, here’s what it comprises

• Among others, China had just imposed national security review on data and merger deals involving foreign capital.
• The guidelines aim to boost the country’s data market, while addressing issues such as data rights and trading profit distribution.
• It is a part of Beijing moves to safeguard what it considers as sensitive information.

In the fall of 2021, two new laws dealing with data security and privacy came into force in China, and it was anticipated to have an impact on many multinational companies operating in China or whose operations touch China. Those two laws — the Data Security Law and the Personal Information Protection Law — provide more specificity about the data localization, data export and data protection requirements that first appeared in the Chinese Cybersecurity Law in 2017.

The Data Security Law specifically treats some domestically generated information as a matter of national security and it also involves a review requirement, but did not provide specific guidance. Right after the implementation of the Data Security Law, China had set up a process for initial public offerings (IPOs) overseas to go through a security review if the business involves the data of more than one million Chinese consumers.

This week, as an extension to the Data Security Law, new policy guidelines were released by the Central Committee of the Chinese Communist Party and the State Council, the country’s cabinet. Essentially, the guidelines are being put in place to boost the country’s data market, while addressing issues such as data rights and trading profit distribution.

Jointly released by the Central Committee of the Communist Party of China and the State Council, the new measures, which expand market accesses for both domestic and foreign players and put in place transparent regulations, will further boost the country’s rapidly growing data industry, while ensuring security, according to analysts.

In other words, it aims to lay the groundwork for what Beijing calls a “fundamental data system”, which will cover areas such as defining the data rights of different entities, management and supervision of information, and trading and profit distribution in the data market. The authorities will also establish a detailed mechanism for defining data rights for public, corporate and personal information, according to the new guidelines.

“As a new production factor, data is the basis of digitization, networking and intelligence, and the construction of basic systems for data is a matter of national development and security”, the official document containing the measures stated. According to the document, the country will build basic data systems in four aspects, including data property rights, circulation and transaction, revenue distribution and security governance, which is in accordance with the efforts made by the Central Economic Work Conference to support digital economy platforms.

There will also be three main types of data rights, including the right to hold data resources, the right to process and use data, and the right to manage data products. That brings us to the other elements of the guidelines and that is a strict review of data processing, cross-border data transfers, and mergers and acquisitions (M&A) activities involving foreign capital — especially those that could affect national security. 

The document also said that China opposes hegemony and protectionism in the data industry and will effectively counter “long-arm jurisdiction” in the area. Additionally, as part of Beijing moves to safeguard what it considers as sensitive information, there are measures the guidelines cover that include taking part in formulating international rules and technical standards in areas like digital currency.  

The document also encourages domestic and foreign enterprises and organizations to carry out business cooperation in cross-border data flows in accordance with the law and regulations, promoting the formation of a fair and competitive international market. That said, fr typical application scenarios such as cross-border e-commerce, cross-border payment and supply chain management, the government will explore safe and standardized methods of cross-border data flows.

The latest set of guidelines released is actually a part of a larger movement in China whereby the government has been applying commercial rules to data as part of their efforts to boost the country’s digital economy. Other efforts include data exchanges which have already been launched in major cities across China. Just in November, trading kicked off at the state-run data exchange in the southern tech hub of Shenzhen, allowing companies to buy and sell data the way they do with regular commodities, SCMP shared.

---

---

---

---