Data privacy in China: Beijing to define data that will not be allowed to leave the country easily

Chinese policymakers will soon release guidelines for defining “important data”, classifying it into eight categories based on their impact on national security, a top researcher at a state-owned cybersecurity think tank has revealed.

Data to face restrictions when it comes to overseas transfer will cover economic operations, population, natural resources and the environment, science and technology, safety and security, application and services, political activities and others, Zuo Xiaodong, vice-president of the China Information Security Research Institute, a Beijing-based think tank that advises the Chinese government on cybersecurity policies, said at an industry conference last week.

His comments were reported by the Southern Metropolis Daily, a local newspaper.

Data categorisation will be a key part of China’s data governance regime and how Beijing defines the importance of data will have far-reaching implications for how Chinese companies, especially China’s tech firms, collect and use relevant customer data.

Didi Chuxing, a ride-hailing giant, recently came under a cybersecurity review after it was accused of “forcing its way” to make an initial public offering in New York.

Zhuang Rongwen, the chief of the Cyberspace Administration of China (CAC), the agency that is leading the probe into Didi, said in Beijing on Monday that one of the regulatory priorities will be “data security and cybersecurity”.