China drafts tough rules to stop data from leaving its borders as Beijing tightens grip on information
- The new rules could also potentially affect data flows between the Chinese mainland and Hong Kong, as they cover all data leaving China’s ‘borders’
- An international consumer goods company will have to go through the government if it wants to share its Chinese consumer database with head office
A new set of draft rules released on Friday by the Cyberspace Administration of China (CAC), the country’s internet watchdog, have proposed additional requirements for businesses wanting to transfer Chinese data abroad, as Beijing seeks to tighten its grip on domestic data.
The draft regulations, which are likely to become official after the public feedback period ends on November 28, are set to have a far-reaching impact on the overseas listings of Chinese companies, and even day-to-day operations of multinationals operating in the country.
The new rules could also potentially affect data flows between the mainland and Hong Kong, as they cover all data leaving China’s “borders”. Under Chinese entry and exit laws, departures from the mainland to enter Hong Kong and Macau are regarded as “leaving the border”.
“It’s clear that the rules apply to Hong Kong,” said James Gong, partner at Bird & Bird law firm in Beijing.
According to the draft, all businesses processing data gathered in China will need to conduct a self review on the risks involved in transferring their data outside Chinese borders, and a wide scope of data transfers will be subject to a government data security review before going overseas.
Firms that need to obtain a green light from the CAC before exporting data include critical information infrastructure operators and “important data” owners.