China draft law proposes classifying online data for better regulation

China draft law proposes classifying online data for better regulation
Photo Credit: Pixabay
16 Nov, 2021

The Cyberspace Administration of China (CAC) has proposed a set of laws that are presently at the draft stage, and seeks to classify data in order to regulate it better.  

According to reports, the CAC will seek to classify online data into three broad divisions – core, important and general. This classification is reportedly being suggested based on their relevance to national security, and public importance and interest. 

According to Global Times, the regulations will help better safeguard the interests of Chinese individuals, while also safeguarding their legal rights.  

Offering an example as to how such a classification would work, “industry observers” informed Global Times that military aircraft data would be classified under ‘core’, while cargo aircraft data would be classified under important. General consumer aircraft data, under this regime, would fall under ‘general’. 

More importantly, the draft security law also seeks to establish regulation of data transfer. It seeks to establish rules for companies to follow when transferring data from China to international territories.  

Such actions may involve needing to notify the owner of the data about the move, as well as informing them about the particulars of the party receiving the data – such as their names and contact information. 

If the rules involving data transfer outside China are breached, the violators will reportedly be fined upward of $1.5 million. The new law by China also aims to establish that collection of biometric data should not be made mandatory, and users must not be compelled to share such data. It also states that user services must not be hindered if they refuse to supply data that’s not strictly necessary. 

The new law seeks to bring data security incidents under the national cyber security emergency ambit in China. Further reports state that Hong Kong organisations working with data and data processing related fields will be required to undergo a cyber security assessment.  

Such a move may have a considerable impact on global Chinese companies such as Bytedance, which is reportedly considering an IPO in Hong Kong.