South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
The national security review requirement reflects Beijing’s efforts to tighten cross-border data flows and safeguard what it considers as sensitive information. Illustration: Shutterstock
TechPolicy

China imposes national security review on data, merger deals involving foreign capital as Beijing tightens cross-border information flow

  • The review requirement forms part of new policy guidelines released by the Central Committee of the Chinese Communist Party and the State Council
  • The guidelines reflect how Beijing has been ramping up its efforts to boost the country’s digital economy by applying commercial rules to data
Cybersecurity
Xinmei Shen
Xinmei Shen
Why you can trust SCMP

Chinese authorities will impose a strict review of data processing, cross-border data transfers, and mergers and acquisitions (M&A) activities involving foreign capital that could affect national security, as Beijing moves to safeguard what it considers as sensitive information.

That approach forms part of new policy guidelines released on Monday by the Central Committee of the Chinese Communist Party and the State Council, the country’s cabinet. The guidelines aim to boost the country’s data market, while addressing issues such as data rights and trading profit distribution.
The release of the guidelines follows last year’s passage of China’s Data Security Law, which treats some domestically generated information as a matter of national security and proposed a review requirement, but did not provide specific guidance. China had earlier set up a process for initial public offerings (IPOs) overseas to go through a security review if the business involves the data of more than one million Chinese consumers.

Under the new guidelines, implementing a national security review on certain deals supports Beijing’s efforts to build an “orderly” mechanism for cross-border data flows. Other measures that the guidelines cover include taking part in formulating international rules and technical standards in areas like digital currency.

07:30

Why China is tightening control over cybersecurity

Why China is tightening control over cybersecurity

The guidelines aims to lay the groundwork for what Beijing calls a “fundamental data system”, which will cover areas such as defining the data rights of different entities, management and supervision of information, and trading and profit distribution in the data market.

A detailed mechanism for defining data rights will be established for public, corporate and personal information, according to the new guidelines.

It provides three main types of data rights. These are the right to hold data resources, the right to process and use data, and the right to manage data products.

The guidelines reflect how Beijing has been ramping up its efforts to boost the country’s digital economy by applying commercial rules to data, which the central government regards as a new production factor that is in the same category as land, capital and human labour.

How China’s new data laws will make cross-border business much harder

Data exchanges have already been launched in major cities across China. In November, trading kicked off at the state-run data exchange in the southern tech hub of Shenzhen, allowing companies to buy and sell data the way they do with regular commodities.

Despite that push, the government has not allayed the concerns of businesses in terms of higher compliance costs in handling data and an inadequate trading framework that remains vague on data ownership and other relevant rights.

Multinational companies may be encouraged by the guidelines’ goal to promote China’s digital economy, particularly at a time when the domestic economy is in need of stimulus, according to Alex Roberts, counsel for technology, media and telecommunications at international law firm Linklaters in Shanghai.

Roberts, however, said the review requirement related to national security remains worrisome.

China restricts industrial data export as Beijing tightens grip on data security

“The emphasis on implementing ‘national security reviews’ may be worrying given the current uncertainty about review processes under existing data rules,” he said.

The guidelines’ national security review requirement, according to Roberts, appears to refer to three existing mechanisms that fall under the purview of the Cyberspace Administration of China and the Ministry of Commerce. These include a cybersecurity review, a security assessment for cross-border data transfers and the review for foreign investments on national security grounds.

“These existing reviews permit government intervention prompted by the sensitivity of data involved in IPOs, inbound M&A and data exports from mainland China,” Roberts said. “Industry will be relieved that there is, hopefully, not an additional mechanism that could derail cross-border business activities.”

Further development of the country’s fundamental data system is expected to be coordinated through an interministerial meeting mechanism established in July this year, which brings together top officials from 20 government bodies led by the National Development and Reform Commission to formulate strategies on China’s digital economy. The country’s data regime policies will be adjusted based on the evaluation from these meetings, according to the guidelines.
Post