China relaxes security review rules for some data exports

Post time:03-25 2024 Source:Reuters
tags: China Data
font-size: +-
563

BEIJING, March 22 (Reuters) - China's cyberspace regulator on Friday issued rules to facilitate and regulate cross-border data flow, clarifying reporting standards for security assessments of important data exports.

Data collected and generated in activities such as international trade and cross-border transportation that do not contain personal information or "important data" will be exempt from declaration, the Cyberspace Administration of China said.

"These substantially ease the compliance burden for foreign companies in China - although for multinational corporations in sensitive areas the 'important data' question still looms," said Tom Nunlist, associate director at research firm Trivium China.

The rules, which take effect on Friday, finalize a proposed relaxation of some of the data export rules issued last September, which at the time was greeted with relief by foreign and Chinese firms in China that trade outside the country.

Chinese authorities have in recent years tightened control of data generated within the country's borders as part of a national security drive - a move that triggered confusion and concern among foreign firms in China.

Firms, however, have said that more clarity is needed on how China defines "important data," currently specified as data that poses a threat to national and economic interests or affects the rights of individuals or organizations.

The rules published on Friday said Chinese authorities would also establish a "negative list system" for free trade pilot zones, allowing those areas to independently formulate lists of data that need to be included in the scope of security assessment.

Reuters reported in February that Shanghai planned to accelerate approvals for foreign firms wanting to send their local data offshore by leveraging its sprawling free trade zones.

The new rules also adjusted the conditions for data export activities that need to declare a data export security assessment and extended the validity of assessment results from two years to three years.

Comment

Consultation