China has introduced new draft rules to restrict the flow of data from companies in a move that boosts data localisation
April 11 saw China introduce a new draft law that cracks down on cross-border data transfer by businesses. The new rules require companies to obtain users’ consent before they send their data overseas, and block firms from exporting any data that is considered to be a threat to national security. Firms that transfer over 1,000 GB of data, or that transfer information that affects over 500,000 users, will also undergo annual state security inspections.
The law will “secure personal information and the safety of important data, as well as protect internet sovereignty and national security”, the Cyberspace Administration of China said.
While the restrictions on cross-border data transfer apply to all firms, they’re likely to affect foreign companies the most
November last year saw China introduce new restrictions to counteract hacking and cybercrime in sectors deemed ‘critical’ to national interest. The April 11 rules are an extension of these, since state intervention now applies to all network operators, not just critical ones.
The move is a further step towards data localisation, the practice that sees information being kept in the place where it came from, rather than being freely moved and exchanged. This trend is not unique to China, but it is becoming more pronounced in the country.
“The strongest international standards to protect data privacy are determined by industry consensus, draw on global best practices, and are largely blind to where data is stored or transferred”, said Jake Parker, of the US-China Business Council.
While the new restrictions on cross-border data transfer do apply to all firms, they are likely to affect foreign companies the most. Consequently, they could be part of a wider crackdown on foreign businesses and may indicate a small step towards protectionism.
That said, this would not be the only reason for the introduction of the new laws. China has long been concerned with internal security and keeping information under control. Moreover, the rules will affect both foreign and domestic companies. Therefore, they mostly indicate that China is rapidly adapting to the information age by transferring its existing policy of big government into the digital sphere.