From one of the world’s least regulated data environments to one of its most ?
On the 10th of June, China’s National People Congress approved the Data Security Law (DSL). The latter will become effective on the 1st of September 2021, leaving less than three months for companies to quickly adapt and understand its implications. The DSL aims at specifying how data is used, collected & protected in various sectors including tech, finance, transportation, health, and education.
A necessity for national security
This law seeks to elevate data security as a national priority. As the Cyberspace Administration of China explains : “Data is a country’s basic strategic resource. Without data security there is no national security”. In this effort to raise awareness about the importance of data and to help data circulation in the economy, the Chinese government classified data as a production factor, alongside capital and labour.
Furthermore, treating domestically stored data as a national security issue is a way to avert US jurisdiction.
A first step to distinguishing ‘non sensitive’ and ‘sensitive’ data
It is the first time that the Chinese State distinguishes different types of data. In doing so, it will allow it to focus on crucial data for national security. The DSL will provide specific regulatory measures depending on whether the data is important, a ‘core data’ or ordinary.
There is no clear definition of ‘important data’ yet, but we already know that sanctions can go from 100,000 RMB to 10 million RMB (in the case of illegal transfers of important data overseas or a violation of regulations on Core State Data). Companies can also have their business license revoked in the event of non-compliance and lack of cooperation with authorities that wish to inspect their data for “national security or criminal investigation” purposes. As for core data, is considered core data “any data that concerns national and economic security, people’s welfare, and important public interest”.
A one way regulation
It is important to know that this law aims at making it more difficult for companies and individuals to transfer data outside of China, however, nothing is said about data inflows. In other words, data cannot exit China freely, but it can flow in without any limit.
 Qi, Wang. “China Introduces Data Security Law, Strong Legal Support for Development in Digital Age.” Global Times, 11 June 2021, 8h47, www.globaltimes.cn/page/202106/1226001.shtml.
 Sheng, Wei. “China Passes Data Security Law amid Tech Giants Crackdown · TechNode.” TechNode, 11 June 2021, technode.com/2021/06/11/china-passes-data-security-law-as-it-continues-to-crack-down-on-tech-giants/.
Ng, Brady. “4 Things You Should Know about China’s New Data Security Law.” KrASIA, 14 June 2021, kr-asia.com/4-things-you-should-know-about-chinas-new-data-security-law.
Qi, Wang. “China Introduces Data Security Law, Strong Legal Support for Development in Digital Age.” Global Times, 11 June 2021, 8h47, www.globaltimes.cn/page/202106/1226001.shtml.
Sheng, Wei. “China Passes Data Security Law amid Tech Giants Crackdown · TechNode.” TechNode, 11 June 2021, technode.com/2021/06/11/china-passes-data-security-law-as-it-continues-to-crack-down-on-tech-giants/.