China’s cyberspace regulator has announced that the country’s data exports will require security reviews from September 1.
The Cyberspace Administration of China (CAC) policy was first launched in October 2021 and requires companies that transfer data overseas to conduct a security review. The requirements come into effect when an organization transfers data describing more than 100,000 people or information about critical infrastructure, including those related to communications, finance and transportation. Sensitive data such as fingerprints also trigger the requirement, at a threshold of 10,000 fingerprint sets.
An announcement on Thursday added a detail to the policy: the deadline after which the CAC will start counting towards the 100,000 and 10,000 thresholds. Funnily enough, that date is January 1…2021.
A state official explained in Chinese state media on Thursday that the efforts were necessary due to the expansion of cross-border data activities in the digital economy, and that differences in international legal systems have increased the security risks of data exports, thereby affecting national security and social interest. .
The official clarified that the security review should take place before signing a contract that includes exporting data overseas. Any approved data export will be valid for two years, after which the entity must submit a new request.
Beijing has repeatedly sought to have more control over how personal data is shared by those who collect it.
National carriers have long felt the sting of Beijing for mishandling data. Uber’s Chinese analogue Didi was kicked out of local app stores last year after being accused of failing to comply with data protection laws.
A month earlier, the CAC ordered 105 apps — including LinkedIn, Bing and the Chinese version of TikTok called Douyin — to stop collecting and improperly using people’s personal data.
But while Beijing has demonstrated that it wants to keep as much control as possible over its data, Xi Jinping announced in November that he wanted to participate in digital free trade partnerships with other countries.
China’s interest in personal data also extends overseas. It recently emerged that ByteDance, owner of TikTok, may display some data describing US-based users despite past assurances that this is not possible. And earlier this week, MI5 and FBI leaders portrayed Beijing as completely unafraid to steal data – for influence, or raw information, or both.
A case of “if you can’t join them beat them” maybe?®