Skip to content

China Enacted New Data Security Law

The Standing Committee of China’s National People’s Congress passed the Data Security Law (DSL) on June 10, elevating government regulation of private sector data. The new law, which will take effect on September 1, regulates the collection, use, processing and transmission of data and demonstrates Beijing’s growing ambition for data control.

The DSL provides that companies that violate the national core data management system, “endanger national sovereignty, security and development interests,” or illegally transfer “important national data” overseas will face fines of up to 10 million yuan ($1.6 million) and may be forced to close down.

The law applies a broad definition of “core data.” It refers to any data “related to national security, the lifeline of the national economy, important people’s livelihoods, vital public interests, and other concerns.”

DSL details how data collected by enterprises inside China should be exported, including operators of “critical information infrastructures,” energy, transportation, finance, public communication and other fields. The cross-border transfer of such data will be subject to the provisions of the Cybersecurity Law.

In the Cybersecurity Law enacted effective in 2017, Chinese regulators formally made data localization a prerequisite for foreign financial institutions attempting to gain a foothold in China. In the same year the U.S. tech giant Apple promised to store its customers’ cloud-based data in a company owned by the Chinese government, and to set up data centers in China.

On May 12, China also released “Certain Regulations on the Security Management of Automobile Data Security (Draft for Public Opinion),” which prohibits the transmission of driving data involving road traffic, vehicle location, images and other data outside China. Soon afterwards, Tesla announced that it would set up several data centers in China. On June 11, the second of the enactment of DSL, Tesla posted on its Weibo account, “(We) will strictly comply with the data security law.”

Chinese President Xi Jinping is increasingly inclined to tighten data control. Radio Free Asia cites sources familiar with internal discussions that Xi once said in a closed-door meeting, “Whoever controls the data has the initiative.”

Source: Radio Free Asia, June 14, 2021