China has rolled out its new Data Security Law to
China has rolled out its new Data Security Law to tighten oversight of the country’s huge tech sector.
The law seeks to tighten the leash on China’s tech giants and what they do with information from their hundreds of millions of users.
It also comes as fears grow over data security with government departments becoming increasingly dependent on cloud storage services.
The new law was brought up over Beijings concerns related to national security. As Chinese tech firms look out to branches overseas, authorities fear that domestic data may end up in foreign hands.
The Data law lays down the responsibilities of all companies and organisations handling data.
Its scope is broad and includes data stored and handled within China’s borders as well as data abroad that could harm China’s national security or the rights of its citizens. the organisations and individuals are forbidden to hand over information to overseas law enforcement authorities without Beijing’s permission.
It stipulates fines of up to 10 million yuan ($1.55 million) for a range of offences including leaks and failing to verify the identity of buyers or sellers of information.
The law also affords Beijing the right to retaliate against any foreign government using “discriminatory” measures against China in the data and tech sectors.
The legislation also identifies a new “core” category of data related to national security, the lifeline of the national economy, major aspects of the people’s livelihood, and major public interests, which will be subject to stricter scrutiny.
Earlier this year the government had launched cybersecurity probes into a number of US-listed tech firms including Didi and truck-hailing platform Full Truck Alliance.
These laws are being rolled out as “the tech sector becomes a key arena amidst US-China rivalry, and may help extend China’s influence in shaping tech policies across the globe,” Kenn Yee, a policy analyst at consultancy Access Partnership told.
The country recently also passed a personal information protection law aimed at curbing the collection of user data by companies, is set to become effective by November.