China has unveiled its latest move in the realm of cybersecurity with the publication of the “Network Data Security Management Regulations.” Set to take effect on January 1st next year, these regulations signify a significant escalation in the government’s approach to data security oversight.
The new rules, signed into order by Premier Li Qiang, establish a comprehensive framework for managing network data security. They emphasize a system of data classification and graded protection while strictly prohibiting illegal data processing. Under these regulations, network data processors are required to implement robust security management systems and fulfill obligations related to risk reporting and security incident handling.
In a notable shift from the 2021 draft, the current version has softened its stance on certain controversial elements. The previously proposed comprehensive approval mechanism for data exports has been replaced with more flexible conditions for cross-border data transmission. Additionally, the regulations have streamlined algorithm review requirements for platforms, aiming to enhance transparency and social responsibility standards.
Personal information protection receives particular attention in the new regulations. They outline specific measures governing the use of automated collection technologies and clearly define the responsibilities of network data processors in ensuring lawful collection and processing of personal information.
For cross-border data transfers, the regulations stipulate that such transfers must comply with international treaties and agreements to which China is a party. Importantly, data not categorized as “important” will not require cross-border security assessments.
Despite these adjustments, concerns persist among foreign businesses operating in China. While some controversial elements have been removed, uncertainties remain regarding the practical implementation of these regulations. Foreign companies continue to face strict data control measures, as exemplified by Apple’s requirement to store Chinese user data on servers in Guizhou.
As China’s digital economy continues to grow, these new regulations underscore the government’s commitment to maintaining a firm grip on data security while attempting to balance domestic control with international business practices.
Source: Radio Free Asia, October 1, 2024
https://www.rfa.org/mandarin/yataibaodao/meiti/jw-china-online-data-security-management-regulations-10012024102348.html