[Asia Economy Reporter Dongwoo Lee] The Chinese government has announced strengthened regulations including prior reporting obligations related to the overseas transfer of important data by companies such as big tech (large information and communication enterprises).
According to Chinese media including Xinhua News Agency on the 30th, the Cyberspace Administration of China (CAC) stipulated in the "Measures for the Security Assessment of Data Overseas Transfer," announced the previous day, that companies wishing to transfer important data overseas must report to the authorities what types of information and how much they provide, as well as their security measures.
The reporting obligation applies when a data processor provides "important data" overseas, when an individual or company processing personal information of more than 1 million people provides information abroad, or when more than 100,000 personal information records or more than 10,000 "sensitive personal information" records are cumulatively provided overseas.
The authorities receiving the report will either approve the data transfer or conduct their own review within 60 days.
The Chinese government considers the leakage of personal information collected from its 1.4 billion population pool overseas as a national security risk factor and aims to strengthen control. Amid the intensifying US-China conflict, this is a strategic move to prevent big data handled by large information technology companies in China from falling into the hands of the US and other Western countries.
Following this policy, despite implicit "restraint recommendations," the Chinese authorities conducted a rigorous internet security review on the ride-sharing company Didi Chuxing (滴滴出行), which forcibly went public on the New York Stock Exchange at the end of June, and imposed high-intensity sanctions including banning new member registrations.
Additionally, at the end of September, data management companies were required to classify data into three levels: general data with limited social impact, important data, and core data. Data that, if leaked, would seriously threaten national security or have significant social and economic implications is defined as "core data," and its export overseas is prohibited.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
