Chinese draft cyber law requires security assessment for companies exporting data
Law would also ban export of economic or scientific data that threatens ‘security or public interests’
China’s top cyber authority on Tuesday released a draft law that would require firms exporting data to undergo an annual security assessment, in the latest of several recent safeguards against threats such as hacking and terrorism.
Any business transferring data of more than 1,000 gigabytes or affecting more than 500,000 users would be assessed on its security measures and on the potential of the data to harm national interests, said the draft from the Cyberspace Administration of China.
The law would ban the export of any economic, technological or scientific data whose transfer would pose a threat to security or public interests. It would also require firms to obtain the consent of users before transmitting data abroad.
The proposed law, which focuses on personal information security, comes just a day after state media reported government rewards of US$1,500 to US$73,000 for citizens who report suspected spies.
It is also an extension of legislation passed in November formalising a range of controls over firms that handle data in industries the government deems critical to national interests.
Business groups have criticised the November law, which is effective from June, calling the rules “vague” and claiming they unfairly target foreign companies with stringent requirements.
Chinese officials denied that the November law targeted foreign businesses.
Under the rules released on Tuesday, sensitive geographic data such as information on marine environments would also be subject to scrutiny. Destination countries and the likelihood of overseas tampering would also be factored into any assessments.
The draft is open for public comment until May 11.