China’s cybersecurity regulator to enforce new data rules
China’s cybersecurity rules requiring reviews for certain personal data would come into effect from September 1, the country’s internet regulator said.
The rules will govern how companies and other entities handle large amounts of personal information about users, the The Cyberspace Administration of China (CAC) said in a statement.
They also govern obtaining permission to export such data abroad.
“In recent years, with the vigorous development of the digital economy, cross-border data business has become more and more frequent, and the data processor’s data export demand has increased rapidly,” CAC said.
“Clarifying the specific provisions of data export security assessment is the need to promote the healthy development of the digital economy,” he added.
National security risk in China
Under China’s cybersecurity rules, IT infrastructure operators that purchase network products and services and network platform operators that perform data processing must apply for a cybersecurity review if national security is or may be affected.
“They are required to assess any national security risk that may arise from the use of a network product or service when purchasing such a product or service,” said Guo Binna of White & Case, a law firm.
She said the new measures provide specific rules for certain network platform operators’ public listings, but do not offer guidance on other types of data processing that might fall under the government’s attention. Chinese authority for a cybersecurity review.
Under new cybersecurity measures in China, a network platform operator that has the personal information of more than one million users and plans to be listed in foreign countries must apply for a cybersecurity review.
- Reuters, with additional editing by George Russell