Cybersecurity Law Of The People 39;s Republic Of China Pdf

[Delmiro Fain]

Datahas been deemed as a basic and strategic resource of the country. According to Xinhua, the law will play an important role in implementing data security and safeguard the core interests of China.

According to Article 31 of the Data Security Law, the cross-border transfer of important data collected and generated by critical information infrastructure operators within China shall be governed by the Cybersecurity Law, under which data collected and generated by critical information infrastructure operators are bound to be stored within the territory of China by principle. Whenever such data needs to be transferred overseas, a security assessment has to be performed.

Important data refers to those defined in Article 21 of the Data Security Law and will be provided in the data classification and hierarchical protection catalogue developed by respective regions and departments and for relevant industries and field.

Conducting a cyber security audit is growing more important for companies as China is tightening its cybersecurity practices and regulation thereof. Businesses are well advised to carefully evaluate if they fall into the scope of critical information infrastructures operators before transferring their data to overseas parties and must keep a close eye on future legislative developments to avoid compliance risks and potential penalties.

Any organizations and individuals in China must obtain the approval of the competent authority when dealing with cross-border data submission requests made by foreign judicial or law enforcement authorities.

For the moment, the Data Security Law does not provide details about how to obtain the approval of the competent authority, or which authorities have the right to approve. Businesses are suggested to keep a close eye on the future developments of the implementation measures.

In fact, such data trading platforms act as an intermediary service provider, providing a trading platform for data suppliers and data demanders. In other words, it is like an online shopping platform, such as Alibaba, eBay, Amazon, etc., except that the commodities on this platform are data, and because of this, the transaction process, objects, and so on are very different. We give one simple illustration here for easier understanding:

Previously, there was no exact laws or regulations to monitor and control the data trading process. The interests of the parties involved in data transactions were sometimes negatively impacted by the lack of standards on intermediary service providers.

Currently, the Data Security Law does not specify the details on how the intermediary service providers will be examined and whether the incompliance responsibility of the data provider will be passed to the intermediary service provider. Relevant parties are suggested to keep a close eye on the future implementation measures.

In addition to the aforementioned compliance requirements and obligations that must be met, the Data Security Law also embodies certain human concerns and strives to ensure that people can equally enjoy the convenience brought by the digital economy.

In recent years, China has made big improvements in the efficient delivery of public services thanks to the data revolution. On the other hand, certain groups like the elderly and the disabled have suffered a lot of difficulties in using digital technologies.

In practice, there have been many cases in which the sellers or service providers refuse to accept cash while the elderly do not know how to use Alipay or WeChat Pay. Also, since the outbreak of COVID-19, it has been reported that in certain cities, people were denied to access public transportation or services because they failed to obtain the digital health code, implemented as part of the epidemic prevention measures.

To protect these special groups and ensure they can equally access public services, Article 15 of the Data Security Law emphasizes any organization or individual should take full consideration of the needs of the elderly and the disabled when designing and developing the application for public services.

On the one hand, the elderly and the disabled cannot be forced to use the so called intelligent products. For example, in addition to ordering food by scanning QR Code and paying the bill by digital payments, the restaurants must provide traditional order and payment methods as alternatives.

On the other hand, the developers should take the characteristics of the elderly and the disabled into consideration when they design and develop relevant products, for example, adding an audible function for people with visual impairment designers, enabling large font for elderly users, etc.

Article 28 stipulates that any organizations or individuals that carry out data processing activities and the research and development of new data technologies shall be conducive to promoting economic and social development, enhancing the well-being of the people, and complying with social morality and ethics.

It can be seen that the Data Security Law puts forward requirements on data processing activities and the research and development of new data technologies from the moral level. In the past, the relevant regulatory authorities have focused more on legal and compliance issues when reviewing data processing activities and the research and development of new data technologies.

Given this, companies that engage in data trading, information matching, software development, and other related activities, shall conduct social morality and ethics review on data analysis and product designed by themselves in advance, so as to avoid the violation of social morality and ethics after entering the market, which may affect the business reputation and daily operation.

While the common goal of these three laws is to build a comprehensive legal framework to regulate the information and data security regime in China, their priorities are different. Comparisons between them are presented in the following table.

With the release of the Data Security Law, the policy requirements of data security protection in China have been strengthened and clarified. However, the Law is more of an outline for data security supervision and protection that links to different aspects.

China Briefing is written and produced by Dezan Shira & Associates. The practice assists foreign investors into China and has done so since 1992 through offices in Beijing, Tianjin, Dalian, Qingdao, Shanghai, Hangzhou, Ningbo, Suzhou, Guangzhou, Dongguan, Zhongshan, Shenzhen, and Hong Kong. Please contact the firm for assistance in China at ch...@dezshira.com.

Dezan Shira & Associates has offices in Vietnam, Indonesia, Singapore, United States, Germany, Italy, India, and Russia, in addition to our trade research facilities along the Belt & Road Initiative. We also have partner firms assisting foreign investors in The Philippines, Malaysia, Thailand, Bangladesh.

3a8082e126