China moves to clamp down on user data with new law

中國採取新法律限制用戶數據

Data Security Law is country’s first comprehensive legislation dealing with digital data


TAIPEI (Taiwan News) — China approved a new data security law last week to tighten control over massive troves of user data collected by tech giants within the country.

Last Thursday (June 10), the National People’s Congress passed the Data Security Law, China’s first comprehensive legislation concerning digital data, according to Nikkei. The new law takes effect on Sept. 1.

The Data Security Law also covers a wide variety of data not covered by the 2017 Cybersecurity Law, which barred the transfer of sensitive data outside of China’s borders, Nikkei said. The new law gives Chinese authorities more oversight on the collection, safeguarding, and transfer of data, with major decisions concerning data security to be made by national security officials.

Companies found mishandling “core state data” can be forced to stop operations, have their licenses revoked, or be fined up to 10 million yuan (US$1.56 million), per Bloomberg. Firms that leak sensitive data abroad face similar fines and punishments, while companies passing digital data to foreign law enforcement bodies without authorization could be fined up to 5 million yuan and face suspension of operations.

Under the new law, China will also establish a screening process to determine how data transfers affect national security. The law covers data involved with sectors deemed critical such as industrial production, communications, transportation, finance, natural resources, and healthcare, Nikkei said.

The Data Security Law also takes aim at transportation data, specifically data harvested by electric vehicles (EV), in addition to big data used in conjunction with self-driving technology. EV driving data already has to be given to authorities, but as of Sept. 1, image data must also be provided.

It is unclear which specific activities the Data Security Law outlaws at this point, but it will mean that companies will have to be more careful in how they handle digital data.

Its passage comes amid growing concern among the Chinese leadership that the country’s tech companies could use their vast personal and corporate digital data to establish other areas of power outside the Chinese Communist Party (CCP), according to The Wall Street Journal. It also reflects a growing sense among party leaders that private sector digital data should be considered a national asset to be used according to the state’s needs, the WSJ cited policy-makers as saying.