South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
New regulation drafted by the Ministry of Industry and Information Technology reflects Beijing’s policy objectives on improving the country’s data security and having greater control over the nation’s once freewheeling internet sector. Photo: Reuters
TechPolicy

China to block ‘core’ industrial, telecoms data from leaving the country

  • The Ministry of Industry and Information Technology has drafted new regulation to bar the transfer of crucial industrial and telecoms data outside China
  • The ministry is now soliciting public feedback on the proposed regulation until the end of October
Cybersecurity
Xinmei Shen
Xinmei Shen
Why you can trust SCMP
China’s Ministry of Industry and Information Technology (MIIT) has drawn up new regulation that will prevent crucial industrial and telecommunications data from leaving the country, a move that could significantly impact how multinational corporations operate in the world’s second-largest economy.
The ministry is now soliciting public feedback until the end of October on the draft regulation, which was published on its website on Thursday, as part of Beijing’s efforts to articulate its new Data Security Law (DSL) into actionable guidelines.

All businesses that handle industrial and telecoms data in China are required to categorise such information into “ordinary”, “important” and “core”, and report their data catalogue to the MIIT’s local branches, according to the draft regulation. Sharing data categorised as “important” to a foreign party requires a special review and approval process, while all “core” industrial and telecoms data are barred from leaving China under any circumstance.

Industrial data refers to information gathered and produced in sectors that include raw materials, machinery, consumer goods, electronics manufacturing, and software and information technology, according to the draft regulation. Telecoms data includes information gathered and produced from the broad communications network market.

The definition of what is “important” and “core” data is subjective, according to the draft regulation.

The headquarters of the Ministry of Industry and Information Technology in Beijing. The agency is on the front line of China’s technology rivalry with the United States. Photo: Handout

The MIIT is the country’s first regulator to release detailed rules under its jurisdiction, in line with the DSL that took effect on September 1. The law stipulates that data should be categorised based on their importance to the country’s development, with a “stricter management system” applied to “core” data.

Established in 2008 by China’s State Council, the MIIT assumed the functions of several previous ministries and offices. It is responsible for the administration of the country’s various industrial branches and growing information technology sector.

Under the MIIT’s proposed new regulation, data will be labelled as “important” if such information is likely to threaten China’s “politics, land, military, economy, culture, society, science and technology, cyberspace, ecosystem, resources and nuclear security”, or affect the country’s interests overseas and its data security in space, polar regions, deep sea and artificial intelligence.

Information will be considered “core” data if posing a “serious threat” to those same areas.

How China’s new data laws will make cross-border business much harder

To further elaborate, the draft regulation states that data will be categorised as “important” if such information can affect “the development, production, operation and economic interests of industries”, including the telecoms sector. Data will be classified as “core” if the transfer of such information can significantly impact China’s major enterprises, information infrastructure and other important resources.

A confluence of events has made this the ideal time for Beijing to take action on data security, of which data localisation forms a big part. Policy objectives reflect both the need for better security in the country, which has traditionally lagged in internet security standards, and the central government’s desire for greater control over a once freewheeling internet sector.
With China’s DSL in place, the reach of America’s 2018 Clarifying Lawful Overseas Use of Data (Cloud) Act has become limited. That law allows the United States to demand access to data, regardless of where it is stored.

CCP must keep its grip on data, writes boss of Chinese central enterprise

The MIIT’s proposed new regulation is expected to strengthen Beijing’s power to oversee cross-border flow of industrial and telecoms data.

The head office of an industrial conglomerate based in Europe, for example, would face hurdles in gaining access to data from its China-based facilities. An intermediary agency, such as an investment bank, law firm or consultancy in New York, would find it difficult to receive certain data from their clients on the mainland.

China’s DSL has left open specific definitions of national and economic security, people’s welfare and important public interest. Providing such details has been left to the country’s ministries and local governments.

On Thursday, the Shanghai government released a draft version of its own data rules. That followed hi-tech hub Shenzhen’s recent review of new data use law that will take effect in January next year.
This article appeared in the South China Morning Post print edition as: Beijing to bar transfer of ‘core’ data overseas
6