China is stepping up efforts to strengthen data security, especially
that to be provided overseas, by legislation to better regulate data
processing and safeguard State and personal information security. The Cyberspace Administration of China, the country's top internet
watchdog, unveiled on Wednesday a draft regulation on managing data
related to automobiles, to intensify the protection of personal and
other crucial data generated on the Chinese mainland. The draft applies to operators that design, produce, sell, maintain
the service of and manage automobiles on the mainland, when they
collect, analyze, store, transmit, inquire about, use and delete
personal information and key data. It stipulates that individuals must agree to the collection of their
personal data, and personal information or key data should be stored on
the Chinese mainland. Data that is to be provided offshore must receive
and pass data exit safety assessments by the nation's cyberspace
authorities. When operators offer personal information or key data abroad, they
will need to take effective measures to clarify and supervise that
receivers' use of the data is in accordance with the purpose, scope and
manner agreed to by the two sides, in order to ensure data security,
according to the draft regulation. The administration released the full text of the draft regulation
online for public advice before June 11. On Wednesday night, US car
manufacturer Tesla said in a statement regarding the draft regulation on
Sina Weibo, China's equivalent of Twitter, that it supports and answers
the call to have a more regulated industry, and "the public is welcome
to offer suggestions to the authorities". The latest draft follows an earlier draft law on data security that
was submitted to the Standing Committee of the 13th National People's
Congress, China's top legislature, for a second review in late April.
The draft law highlighted the security of outbound data while aiming to
promote the development of the data sector. The draft law specifies that those who privately provide domestic
data to judicial or law enforcement agencies overseas may face a fine of
up to 1 million yuan ($155,000), and it tightens management of
operators trying to take data collected or generated on the mainland to
overseas areas. Besides operators of critical information infrastructure, more data
processors, including those of enterprises and data analysis centers,
will also face stricter management if they produce or collect data on
the mainland, according to the new draft law. "In other words, the scope of outbound data security management in
the latest draft law has been expanded," said Zhang Tao, a lawyer at
Beijing Huaxun Law Offices who specializes in the sector. "The move is necessary, as the aim of the legislation is to ensure
data activities are safe in each step," he said, adding that security is
the foundation of data use and development. How to keep a balance between ensuring data security while promoting
the sound development of the sector has become a hot topic in China, as
the country has seen a rapid growth of big data and data flow in recent
years. Liu Yaohua, a researcher at the China Academy of Information and
Communications Technology, published an article in China Economic Weekly
in April, in which he said China urgently needed to improve rules on
cross-border data flow, as the data sector is booming and many new
challenges have surfaced. The article cited a survey by the Washington-based Brookings
Institution, which found that between 2009 and 2018, cross-border data
flow contributed about 10 percent to global GDP growth, and the
contribution could exceed $11 trillion by 2025. It also noted that the
United States, the European Union and other countries or regions have
made different cross-border data flow policies based on their own
security and economic growth situations. Liu said a series of high-level policies and rules on cross-border
data flow have been implemented at the national, industrial and
enterprise levels in China since the Chinese Cybersecurity Law took
effect in 2017. He also said China should ensure that data will flow in a
legal and orderly manner. Li Guangqian, a researcher at the Development Research Center of the
State Council, said that at present, countries have different attitudes
toward cross-border data flow, but he believes that protecting personal
information and key data for a country is as important as promoting the
development of the data industry. "China should deal with the cross-border data flow from the
perspective of compliance, and formulate relevant rules in line with our
own national conditions," he was quoted as saying by the Financial News
in April.
|