All about China’s New Data Security Laws


Is China’s new Data Security Law another strong brick in The Great Firewall?

First introduced in June 2020, the Data Security Law (DSL or “The Law”) of the People’s Republic of China has faced three revisions before its official promulgation during the 29th session of the Standing Committee of the 13th National People’s Congress. The law is set to come into effect on 1st September 2021.

With China’s continued emphasis on cybersecurity as a core aspect of national security, legislation regarding data protection has taken center stage in the past year.

The DSL is to work in tandem with the country’s Personal Information Protection Law (PIPL), as well as with the pre-existing Cyber Security Law, which was passed in 2017. The Law takes inspiration from the EU’s General Data Protection Regulation (GDPR) which remains one of the most comprehensive works of legislation dealing with personal information, online privacy and data protection regulations in the world.

What prompted the need for The Data Security Law?

With the onset of the Covid-19 pandemic in December 2019, nations across the globe have seen a marked increase in cybersecurity and privacy issues, as businesses, educational institutes and even governing bodies were forced to shift online to keep things running. While technology has been the primary silver lining during the pandemic, it has also put millions at risk of hacking, espionage and even identity theft.

The summer of 2020 saw the USA release executive orders against Chinese apps TikTok and WeChat due to a perceived threat of the misuse of the personal information of its citizens.

India has also banned 59 Chinese apps, including TikTok, on similar grounds.

Keeping up with the global trends with an emphasis on cybersecurity, China has taken steps towards data privacy and security for the digital wellbeing of its citizens. The Law emphasizes how data is used, collected, developed and protected in China, with offenders being at risk of facing high penalties.

What are the highlights of the Data Security Law?

Scope of implementation

  • The DSL will apply to the security regulations and data processing activities within the People’s Republic of China.
  • Foreign data processing activities that threaten the national security, public interests, or the legitimate rights of citizens or organizations of the People’s Republic of China will be investigated under the Law.

Data security protection obligations

As per the statutes of the DSL, individuals and businesses based in Chinese territory or handling the data generated by Chinese citizens are expected to comply with the following:

  • Individuals responsible for data security management, implementing data security protection and critical data processing must be clearly designated.
  • Data security incidents must be reported to competent authorities and users promptly, and remedial measures must be undertaken immediately.
  • Regular risk assessments of data processing activities must be conducted by the processors of critical data, with reports submitted to the relevant competent authorities.
  • Institutions engaged in intermediary data services are required to explain the data’s origins, to ensure that the data has not been acquired by illegal means and is not among those prohibited by Chinese laws and regulations.

Cross-border transfers of data

  • The DSL applies not only to businesses situated within Chinese territory but also to businesses outside of China that either collaborate with Chinese businesses or handle data of Chinese citizens. This extends its influence beyond Chinese borders.
  • The provisions of the Law apply to the export of critical data collected and generated by operators of critical information infrastructure within the People’s Republic of China.

Concerns

  • There have been concerns raised regarding the vagueness of some aspects of the law, as well as slight variations in interpretations across the board.
  • In aiming to protect national security interests, Chinese authorities have set out to define special classes of data, including “national core data” and “important data”. However, what exactly comes under Core Data has not been explicitly defined.
  • Businesses are expected to comply with the Law from the 1st of September 2021, with violators liable for fines. The law as it stands, however, does not provide details on obtaining the approval of the competent authority, or which authorities have the right to approve. Businesses have been advised to keep a close eye on future developments.

China’s latest push towards the privacy and protection of her citizens is a step further in the government’s three-year plan regarding cyberspace. With the Law set to come into effect on 1st September 2021, one can hope to see a more streamlined set of guidelines emerge in the coming weeks.

Banner image from The Beijinger Blog.
