(Bloomberg) – China has eased rules governing cross-border data flows, addressing key concerns from foreign companies that complained previous regulations were hurting their operations.
Most Read Articles on Bloomberg
China's top internet regulator has ruled that data collected in international trade, cross-border travel, manufacturing, academic research and marketing that does not contain personal or “sensitive” information will be subject to security assessments when transferred outside the country. announced that it would be exempted. Friday's statement.
Although authorities have not yet spelled out exactly what constitutes “sensitive” data, analysts say the rule includes a number of carve-outs that will go a long way toward easing the burden, especially on small and medium-sized businesses. said. China's Cyberspace Administration said large companies will benefit from exemptions under the rules, effective immediately, for personal data collected for human resources purposes or classified as “non-sensitive.”
The easing comes as China seeks to reverse a decline in overseas investment. The statement was issued on the eve of a high-profile business forum in Beijing. The forum is expected to be attended by CEOs of foreign companies such as Apple, Pfizer, and FedEx.
“Relaxation makes sense. This is the government's response to complaints from foreign companies,” said Tom Nanlist, an analyst at consultancy Trivium.
finance, drugs
The new rules are largely in line with a draft released last year that said what is considered “critical” data must be specified by regulators, or it could be treated as non-critical. It has become a thing of the past. In theory, it reduces uncertainty about what kind of data can be freely transferred.
“The draft law promises to make compliance easier and these regulations deliver on that. For cross-border money transfers in day-to-day business activities, it is now business as usual,” Nanrist said. Ta.
While most regulatory burdens on small and medium-sized businesses will be lifted, large multinational companies in finance, pharmaceuticals and car manufacturing could still face difficulties transferring data, according to Nanlist.
Sensitive data includes information that, if compromised, could be used to identify or jeopardize the safety of a specific individual, the internet regulator said.
lobbying in europe
The Chinese government's data transfer rules, introduced in 2021, were widely seen as more onerous than the European Union's strict data protection regime. International companies, from hoteliers to banks, were faced with slow approvals to send data beyond mainland China. Companies were concerned that routine transfers, such as providing updates on new employees to overseas headquarters, could violate Chinese government rules.
Foreign business lobby groups have urged the Chinese government to ease the rules, which EU and Chinese leaders discussed at a summit in December.
“Previously, standards for cross-border data flows were significantly vague. However, modern regulations effectively address regulatory uncertainties surrounding specific business scenarios for better implementation. '' said John Dong, a lawyer at Shanghai-based Joint-win Partners. “The key point lies in its ability to relatively alleviate both Chinese and foreign companies' concerns regarding cross-border data export compliance, ultimately leading to reduced associated compliance costs.”
Organizations that work with “critical infrastructure” or handle the personal data of more than 1 million people will still have to pass security assessments to transfer data, the regulator said.
Still, “much fewer organizations will need to apply for export security reviews,” said Roger Creamers, who studies Chinese internet regulation at Leiden University in the Netherlands. This is especially important for sectors such as aviation and e-commerce, he said.
ambiguity remains
Analysts say some ambiguity remains. The government has not yet fully specified what it considers “critical data” and which organizations count as part of “critical infrastructure.”
The new rules include carving out a “free trade zone” within China to enforce more relaxed data transfer standards. This could allow local governments to give more leeway to companies whose data is classified as critical, analysts said.
–With assistance from Debby Wu.
(Updates with attorney's comment in 12th paragraph.)
Most Read Articles on Bloomberg Businessweek
©2024 Bloomberg LP