China must clarify ‘uncertainty’ over data security laws, allow more cross-border transfers
- China has introduced a Data Security Law and Personal Information Protection Law this year amid a drive to legislate how companies store, protect and share data
- Report from the British Chamber of Commerce in China highlights concerns over uncertainty surrounding cybersecurity and data protection requirements
Beijing has been urged to set a clear definition and scope for its enforcement of data security and transfer laws as it is vital for the operation of foreign businesses as well as China’s innovation strategy, the British Chamber of Commerce in China said on Tuesday.
China has recently elevated its requirements concerning data, particularly additional assessment requirements for cross-border transfers, with the introduction of laws on data safety and the protection of personal information in the past three months.
Uncertainty over cybersecurity and data protection requirements consistently feature as two of the most significant concerns voiced by British companies operating in China
“Uncertainty over cybersecurity and data protection requirements consistently feature as two of the most significant concerns voiced by British companies operating in China,” Julian MacCormac, chair of the commerce chamber, wrote in the 26-page “Cross-Border Data and Innovation” report.
“This is most notable when it comes to cross-border data transfers.”
Companies that transfer “core data” overseas without proper approval from Beijing will face a penalty of up to 10 million yuan (US$1.56 million) and could be forced to shut down.