China tightens regulation of digital information

April 12, 2017 08:34
The new  rules will affect all so-called network operators, which encompass technology companies, as well as other firms that do business through computer networks such as financial institutions. Photo: WSJ

Foreign companies with business operations in China will be required to apply for permission to transfer data out of the country under draft rules released Tuesday.

It is the government's latest move to tighten regulation of digital information, the Wall Street Journal reports.

The rules would affect all so-called network operators, a term that industry experts say likely encompasses technology companies, as well as other firms that do business through computer networks, such as financial institutions.

The rule would apply to companies seeking to move more than one terabyte of data out of China, or that have data on more than 500,000 people.

For example, consumer companies that have collected a large database of email addresses, birth dates or other information on their Chinese customers would appear to be required to get the permission of both their customers and the Chinese government before transferring that data out of the country.

The data would then be reviewed and blocked if the government believes it would hurt China’s political system, economy, technology or security.

The Cyberspace Administration of China said the rules were necessary to “secure personal information and the safety of important data, as well as to protect internet sovereignty and national security”.

The draft drew some industry criticism Tuesday. Multinational companies are generally opposed to data localization—keeping data physically stored in the country where it originates—saying that rules mandating the practice raise costs by requiring duplicate infrastructure and impede cross-border business.

“The strongest international standards to protect data privacy are determined by industry consensus, draw on global best practices, and are largely blind to where data is stored or transferred,” said Jake Parker, vice president of the US-China Business Council.

The draft is open for public comment until May 11 and could change in its final form. Other recent Chinese cybersecurity regulations have been weakened in their final version after pushback from companies and foreign governments.

-- Contact us at [email protected]