Pictured here is an exhibition on big data for transportation in Chongqing on Oct. 21, 2020.
China News Service | China News Service | Getty Images
BEIJING — Chinese authorities are signaling a softer stance on once-stringent data rules, among recent moves to ease regulation for business, especially foreign ones.
Over the last few years, China has tightened control of data collection and export with new laws. But foreign businesses have found it difficult to comply — if not operate — due to vague wording on terms such as “important data.”
Now, in a proposed update, the Cyberspace Administration of China (CAC) has said no government oversight is needed for data exports if regulators haven’t stipulated that it qualifies as “important.”
That’s according to draft rules released late Sept. 28, a day before the country went on an eight-day holiday. The public comment period closes Oct. 15.
“The release of the draft is seen as a signal from the Chinese Government that it is listening to businesses’ concerns and is ready to take steps to address them, which is a positive,” the European Union Chamber of Commerce in China said in a statement to CNBC.
“The draft regulation relieves companies of some of the difficulties with cross-border data transfer and personal information protection partly by specifying a list of exemptions to relevant obligations and partly by providing more clarity on how data handlers can verify what is qualified by authorities as ‘important data,'” the EU Chamber said.
The EU Chamber and other business organizations have lobbied the Chinese government for better operating conditions.
The cybersecurity regulator’s draft rules also said data generated during international trade, academic cooperation, manufacturing and marketing can be sent overseas without government oversight — as long as they don’t include personal information or “important data.”
“This is a small but important step for Beijing to show it’s walking the walk when the State Council earlier pledged to facilitate cross-border data flows to improve the investment climate,” Reva Goujon, director, China Corporate Advisory at Rhodium Group, said in an email Friday.
The proposed changes reflect how “Beijing is realizing that there are steep economic costs attached to its data sovereignty ideals,” Goujon said.
“Multinational corporations, particularly in data-intensive sunrise industries which Beijing is counting on to fuel new growth, cannot operate in extreme ambiguity over what will be considered ‘important data’ today versus tomorrow and whether their operations will seize up over a political whim by CAC regulators.”
More regulatory clarity for business?
China’s economic rebound from Covid-19 has slowed since April. News of a few raids on foreign consultancies earlier this year, ahead of the implementation of an updated anti-espionage law, added to uncertainties for multinationals.
“When economic times were good, Beijing felt confident in asserting a stringent data security regime in the footsteps of the EU and with the US lagging behind in this regulatory realm (for example, heavy state oversight of cross-border data flows and strict data localization requirements),” Rhodium Group’s Goujon said.
The country’s top executive body, the State Council, in August revealed a 24-point plan for supporting foreign business operations in the country.
The text included a call to reduce the frequency of random inspections for companies with low credit risk, and promoting data flows with “green channels” for certain foreign businesses.
During consultancy Teneo’s recent trip to China, the firm found that “foreign business sources were largely unexcited about the plan, noting that it consists mostly of vague commitments or repackaging of existing policies, but some will be useful at the margin,” managing director Gabriel Wildau said in a note.
He added that “the 24-point plan included a commitment to clarify the definition of ‘produced in China’ so that foreign companies’ domestically made products can qualify.”
When U.S. Commerce Secretary Gina Raimondo visited China in August, she called for more action to improve predictability for U.S. businesses in China. Referring to the State Council’s 24 points, she said: “Any one of those could be addressed as a way to show action.”
The U.S.-China Business Council’s latest annual survey found the second-biggest challenge for members this year was around data, personal information and cybersecurity rules. The first challenge they cited was international and domestic politics.
The council was not available for comment due to the holiday in China.
While the proposed data rules lower regulatory risk, they don’t eliminate it because “important data” remains undefined — and subject to Beijing’s determination at any time, Martin Chorzempa, senior fellow at the Peterson Institute for International Economics, and Samm Sacks, senior fellow at Yale Law School Paul Tsai China Center and New America, said in a PIIE blog post Tuesday.
Still, “not only did the leadership commit to a more ‘transparent and predictable’ approach to technology regulation in the wake of the tech crackdown, the new regulations follow directly on the State Council’s 24 measures unveiled in August, which explicitly call for free data flows. Other concrete actions to improve the business environment could flow from those measures as well,” Chorzempa and Sacks said.
The proposed changes to data export controls follow an easing in recent months on other regulation.
In artificial intelligence, Baidu and other Chinese companies in late August were finally able to launch generative AI chatbots to the public, after Beijing’s “interim regulation” for the management of such services took effect on Aug. 15.
The new version of the AI rules said they would not apply to companies developing the tech as long as the product was not available to the mass public. That’s more relaxed than a draft released in April that said forthcoming rules would apply even at the research stage.
The latest version of the AI rules also did not include a blanket license requirement, only saying that one was needed if stipulated by law and regulations. It did not specify which ones.
Earlier in August, Baidu CEO Robin Li had called the new rules “more pro-innovation than regulation.”
Certainly, here’s a frequently asked questions (FAQ) section based on the article about
China’s proposed changes in data regulations:
What are the key changes in China’s data regulations?
– China is proposing updates to its data regulations that would exempt data exports from government oversight unless they involve “important data” as defined by regulators. The proposed changes aim to provide more clarity for businesses, especially foreign ones, and encourage cross-border data flows.
2. What is “important data,” and how is it defined in the proposed regulations?
– The term “important data” remains undefined in the proposed regulations, leaving it to the discretion of Chinese regulators. This lack of a precise definition raises questions about how it will be determined.
3. How do these changes affect foreign businesses operating in China?
– These changes are seen as a positive step for foreign businesses in China. They reduce regulatory hurdles for cross-border data transfer in various sectors, which is particularly relevant for technology and data-intensive industries.
4. Are there still compliance challenges for businesses under these proposed regulations?
– Yes, there are compliance challenges as long as the term “important data” remains undefined and subject to interpretation. Businesses must stay informed and engage with regulatory authorities to ensure compliance.
5. How do these changes align with China’s broader economic goals?
– China’s proposed changes reflect a balance between data control and economic growth. By facilitating cross-border data flows, China aims to attract foreign investment, encourage innovation, and support its technology sector’s development.
6. What are the implications for global data governance and trade relations?
– China’s approach to data regulations influences discussions on global data governance and trade relations. It intersects with issues like data sovereignty, data localization, and international data standards, potentially impacting international trade and cooperation.
7. How does data privacy and security factor into these changes?
– While the proposed changes ease some restrictions, they continue to emphasize data privacy and security. Protection of personal information and sensitive data remains a priority.
8. What should businesses do to adapt to these evolving regulations?
– Businesses operating in China should stay informed about regulatory developments, engage with regulatory bodies, invest in compliance expertise, maintain strong cybersecurity measures, and align their data practices with both legal requirements and consumer expectations.
9. How can I provide feedback or get involved in shaping these regulations?
– During the public comment period, which closes on October 15, stakeholders, including businesses, can provide feedback on the proposed regulations. Engaging with industry associations and legal experts can also help businesses participate in regulatory discussions.
0. What other areas of regulation in China should businesses monitor?
– Besides data regulations, businesses should also monitor evolving regulations in sectors like artificial intelligence (AI), as China is continuously updating rules to promote innovation and technology development.
Please note that the information provided here is based on the article’s content as of the publication date, and the regulatory landscape may have evolved since then. It’s essential for businesses to stay updated on the latest developments and seek legal counsel for specific compliance guidance.