China Loosens Cross-Border Data Rules on Business Pressure

Tom Hancock

Fri, Mar 22, 2024, 8:07 PM 3 min read

Data collected in international trade, cross-border travel, manufacturing, academic research, and marketing that don’t contain either personal information or “important” information will be exempt from security evaluations when transfered out of the country, China’s top internet regulator said in a statement Friday.

While authorities have yet to detail what constitutes “important” data, the rules feature a number of carve-outs, and go far to alleviate the burden on smaller-sized companies in particular, analysts said. Larger firms will benefit from exemptions for personal data collected for human resources purposes or classified as “non-sensitive,” under rules effective immediately, the Cyberspace Administration of China said.

The relaxation comes as China tries to reverse a decline in foreign investment. The statement was released on the eve of a high-profile business forum in Beijing, where attendance is expected by chief executives from foreign corporations including Apple Inc., Pfizer Inc. and FedEx Corp.

“The relaxations are meaningful. This is the government’s response to foreign companies’ complaints,” said Tom Nunlist, an analyst at consultancy Trivium.

Finance, Drugs

The new rules were largely in line with a draft released last year, which stated that what counts as “important” data must be specified by regulators and can otherwise be treated as non important. In theory, that will reduce uncertainty about what kinds of data can be transferred freely.

“The draft promised to make compliance easier, and these regulations deliver on that. For cross-border transfers for everyday business activities, it’s business-as-usual now,” Nunlist said.

While most regulatory burdens on small and medium-sized firms will be removed, large multinationals in finance, pharmaceuticals and automobile manufacturing could still face difficulties with data transfers, according to Nunlist.

Sensitive data includes information which, if leaked, can be used to identify a specific person or endanger their safety, the internet regulator said.

European Lobbying

Beijing’s rules on data transfers, introduced in 2021, were widely seen to be more onerous than even the European Union’s strict data protection regime. International firms, from hoteliers to banks, were faced with slow approvals to transmit data beyond China’s mainland. Companies worried that mundane transfers, such as providing overseas headquarters with updates on new hires, could fall afoul of Beijing’s rules.

Foreign business lobby groups have been urging Beijing to relax the rules, and EU and Chinese leaders discussed them at a summit in December.

“Previously, the standards for cross-border data flow were notably vague. However, the latest regulation has effectively addressed the regulatory uncertainties surrounding specific business scenarios for better implementation,” John Dong, lawyer at Shanghai-based Joint-win Partners, said. “The crucial aspect lies in its ability to relatively alleviate concerns among both Chinese and foreign enterprises regarding cross-border data export compliance, ultimately leading to a reduction in associated compliance costs.”

Organizations dealing with “critical infrastructure” or handling personal data of more than 1 million people still will need to pass security assessments in order to transfer data, the regulator said.

Still, “far fewer organizations will need to apply for export security reviews,” said Rogier Creemers, a researcher on Chinese internet regulation at Leiden University in the Netherlands. This is particularly important for sectors such as aviation and e-commerce, he said.

Ambiguities Remain

Some ambiguities remain, according to analysts. The government has yet to fully specify what it considers as “important data” or which organizations could be counted as part of “critical infrastructure.”

The new rules include carve-out for “free trade zones” within China to enforce more relaxed data transfer standards. That could allow local governments to provide more room for companies whose data is classified as important, analysts said.

--With assistance from Debby Wu.

(Updates with lawyer’s comment in 12th paragraph.)

News

Life

Entertainment

Finance

Sports

New on Yahoo

Yahoo Finance

In This Article:

Recommended Stories