China looks to relax cross-border data security controls

Receive free Internet security updates

China has begun to loosen some of its strict cross-border data controls amid complaints from foreign businesses and a faltering economy.

China’s Cyberspace Administration of China published regulations late Thursday aimed at clarifying and simplifying the outbound transfer of data in normal commercial activities.

The move comes as Beijing seeks to reassure foreign businesses concerned about deteriorating U.S.-China relations and the growing influence of their own security agencies.

Under current security rules, the CAC has been reviewing a large number of data export requests submitted by foreign groups wishing to share “important data” abroad.

However, Graham Webster, a China expert at Stanford University’s Center for International Security and Cooperation, said the rules “created an unsustainable situation where people were unsure whether they should apply for data review and which data Counted as important data”.

“These changes will create a clearer path for most data to be sent abroad,” he said.

The CAC’s new draft rules state that only data clearly classified as important by government agencies will need to be submitted for security review. The draft rules would allow multinational companies to share employee records abroad, while personal information needed for cross-border purchases or bookings could be sent without security clearance.

China’s tight controls, coupled with expanded counterintelligence laws that took effect in July, have prompted many foreign groups to begin divesting their local IT systems and data. Many companies choose to fully localize data for fear of inadvertently transmitting sensitive data.

The CAC’s draft rules will be open for public comment until mid-October, and it’s unclear whether the changes will be enough to appease foreign companies.

The expanded counterespionage law remains in effect, with the Ministry of National Security pushing for a “whole-of-society” approach to security risks – encouraging all citizens to join the ministry’s counterintelligence fight – while ramping up domestic propaganda efforts.

This year, national security officials raided the offices of U.S. consulting firms including Bain & Company and Mintz Group, and police raids at Triumph Group were shown on prime time. Triumph Group is an expert online group that helps foreign investors conduct due diligence. Chips from US semiconductor giant Micron Technology have also been labeled as “serious cybersecurity risks” and banned from use in infrastructure.

“Security remains a major concern in China under Xi Jinping,” Webster said. “They’ve been sending mixed signals about collecting data and sending it abroad.”

Svlook

Leave a Reply

Your email address will not be published. Required fields are marked *