China’s new Data Security Law promises steep punishments for unapproved overseas data transfers
- China passes first law on data security amid crackdown on country’s Big Tech and rivalry with the US
- Law sanctions hefty fines for unauthorised data exports and sets legal framework for establishing a data market
China’s top lawmaking body has passed a sweeping data law that further enhances the government’s authority and promises hefty punishments for any transgressions as Beijing continues to rein in Big Tech and impose its sovereignty over data produced in the country.
Under China’s new Data Security Law, passed on Thursday, companies that transfer the state’s “core data” overseas without proper approval from Beijing will face a penalty of up to 10 million yuan (US$1.56 million) and could be forced to shut down, a penalty that didn’t exist in an earlier draft version of the law that was submitted for review in April.
Fines for companies that hand over “important data” to a foreign judiciary or law enforcement agency without prior approval were raised to 5 million yuan, from the 1 million yuan in the draft version of the law.
“Data is a country’s basic strategic resource. Without data security there is no national security,” the Cyberspace Administration of China wrote in a release published on Thursday.
“With the Chinese mainland and Hong Kong SAR accounting for about a quarter of global cross-border data flows, this law is clearly seeking to elevate data security to the top of mainland China’s legislative agenda,” said Alex Roberts, TMT counsel at Linklaters law firm.
By treating data as a national security issue, domestically stored data is now shielded from the long arm of US jurisdiction.