 |
| A sign over an office of the Cyberspace Administration of China (CAC) is visible in Beijing, China July 8, 2021 |
BEIJING, March 22 (mod1s) - China's internet agency on Friday released guidelines to encourage and control cross-border data flow, clarifying reporting norms for security evaluations of major data exports.
Data gathered and created in operations such as international commerce and cross-border transportation that do not include personal information or "important data" would be excluded from disclosure, the Cyberspace Administration of China stated.
"These substantially ease the compliance burden for foreign companies in China - although for multinational corporations in sensitive areas the 'important data' question still looms," said Tom Nunlist, associate director at research company Trivium China.
The guidelines, which take effect on Friday, formalize a proposed easing of some of the data export requirements released last September, which at the time was met with relief by international and Chinese enterprises in China that deal outside the country.
Chinese authorities have in recent years tightened control of data created inside the country's borders as part of a national security campaign - a move that prompted uncertainty and alarm among international enterprises in China.
Firms, however, have cautioned that greater clarification is required on how China defines "important data," presently characterized as material that presents a danger to national and economic interests or affects the rights of persons or organizations.
The guidelines announced on Friday stated Chinese authorities will also develop a "negative list system" for free trade pilot zones, enabling such places to autonomously construct lists of data that need to be included in the scope of security evaluation.
Reuters reported in February that Shanghai sought to hasten clearances for multinational corporations intending to export their local data abroad by using its extensive free trade zones.
The revised regulations also altered the parameters for data export operations that need to disclose a data export security assessment and extended the validity of assessment findings from two years to three years.
Source: https://www.reuters.com/