China revises draft rules on data security for business sectors
China‘s industry ministry published revisions to draft rules on Thursday dictating how companies and localities should manage data, bringing more specificity to the country’s evolving data governance regime.
The updated rules, which China’s Ministry of Industry (MIIT) and Information Technology first published in September, removes a previous statement that “core data,” defined as data that poses a “serious threat” to China’s national and economic interests, must not leave the country.
In addition, the rules add electromagnetics to the wide range of categories that contain data that could be considered “core data” or “important data.”
The updated rules also specify that industry-specific local regulators must be responsible for the management and supervision of data in the three categories of “industrial data,” “telecommunications data,” and “wireless data.”
The updated revisions will be open to public feedback until February 21, according to MIIT.
The Ministry of Industry and Information Technology first published the draft rules in September which were aimed at bolstering the country’s new data security law.
Legal and technology experts expect the law to have ramifications for nearly all entities engaged in some form of mass data collection.
The law broadly requires Chinese companies and localities to to categorize data based on its relevance to national security and the economy.
It also calls for steeper regulation of exporting data out from China to other locations, which has raised concern among multinational corporations operating in China.
Authors: Brenda Goh, Josh Horwitz, Yingzhi Yang, Reuters