On 19 December, China released a national policy paper describing its vision for a database system whose structured elements should propel the country’s vast throve of data to greater utility for the good of government, commerce and wider society (Opinions). Consolidating numerous legislative themes seen gathering momentum in China in recent months, the Opinions re-emphasise data as a strategic national resource, but also lay the groundwork for further policies relating to data ownership, trading, profit distribution, management and supervision.
Key aspects worthy of a closer look include:
- Good news for the digital economy – in their opening paragraph, the Opinions call for “making great efforts to strengthen the digital economy” and “building a new competitive advantage for the country”. Echoing top government’s promises, heard at China’s central economic work conference on 15-16 December, to promote the digital commerce rather than continue to rectify this sector, businesses reliant on the digital economy will welcome the Opinions as pro-development.
- Data classification types – Data is classified into three types under the Opinions: public data, enterprise data, and personal data. While the Data Security Law discusses “important data” and “core data” as being subject to strict regulation, and the Personal Information Protection Law focusses on imposing restrictions on the processing of personal information and sensitive personal information, this new high-level classification under the Opinions seems to encourage the free flow of data, especially for public data and enterprise data. We look forward to hearing more about the effect of these mechanisms on the use of these data types in future policies.
- Participation in international standard setting – the Opinions call for “active participation in the formulation of international rules and digital technology standards relating to data flows, data security, certification and assessment, and digital currencies”. The Opinions suggest that all these specifications should be based on the “Global Data Security Initiative”, China’s 2020 government-to-government proposal for harmonizing key data security frameworks. However, even if founding a new international baseline for future standards remains a hypothetical, at a corporate and academic level we see the National Information Security Standardisation Technical Committee of China (TC260) encouraging our fellow members to submit proposals to existing international institutions such as ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission) regarding network security standards; and the dominance of China’s national champions, such as Huawei in 5G, allows for pursuit of standardisation in certain existing technologies, while Huawei and Alibaba have the gravitas to join Meta to form standards for the Metaverse.
- National security considerations – International businesses may pause for thought where the Opinions emphasise implementing “national security reviews” for some data-related activities. Enterprises have grappled with uncertainty about review processes under 2017’s Cybersecurity Law and other existing data rules. That said, reading across the Opinions as a whole, these reviews appear to be raised in reference to three existing mechanisms: namely, cybersecurity review under the Cybersecurity Review Measures, foreign investment security review under the Measures for the Security Review of Foreign Investments, and cross-border data transfer security assessments under the Security Assessment Measures for Outbound Data Transfers. These reviews currently permit government intervention prompted by the sensitivity of data involved in IPOs, inbound M&A, and data exports from mainland China, respectively. The relevant industries will be relieved that there is hopefully not an additional mechanism that could derail cross-border business activities!
- Trustee mechanism to be explored –the Opinions propose to “explore a trustee mechanism” where professional organisations with the proper technical and human resources are introduced to “represent the interests of individuals and monitor the collection, processing, and use of personal information by market players” against which individuals typically struggle to negotiate in defence of their data subject rights. While Chinese scholars have been discussing the theory and practice of data trusts in common law countries like the US and the UK (e.g. The ODI – Open Data Institute) for some time, neither trust arrangements as a legal concept nor industry are fully developed in China. It remains to be seen if public institutions like consumer associations are more likely to be permitted to take trustee roles than commercial organisations in other countries.
- Data exchanges and data trading – the Opinions seek the establishment of an efficient and compliant data trading system that encourage data flow and transactions in an orderly manner. Up to now, China has approved 39 data exchanges in the mainland, including in all the first-tier cities of Shanghai, Beijing, Shenzhen and Guangzhou. Having visited the Shanghai Data Exchange, which clearly has ambitious plans for various trading platforms, we would expect savvy multinational companies in China to be closely monitoring the development of these exchanges as their services should become a place to monetise data assets in the mid- to long-term.
- International frameworks for free data flows – the Opinions encourage bilateral and multilateral consultation on establishing mutually-beneficial rules for cross-border data flows. China has entered into the Regional Comprehensive Economic Partnership (RCEP) since 2020, and is applying to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA), and has at least a dozen bilateral free trade agreements with other countries and regions like Korea, Australia, Singapore, and ASEAN. However, although some of these agreements touch upon personal information protection, since China is still testing its domestic rules for data export (comprising data export security assessments, certifications and standard contracts), the cross-border data transfer principles in these international arrangements lack clarity and implementation – not to mention a whitelist of approved destination markets to encourage freer data transfers. As the Opinions fully acknowledge the importance of international cooperation, we anticipate China will be more proactive in exploring new methods to facilitate cross-border data flows in the tech sector and beyond in 2023.
- Grass-roots exploration – the Opinions also encourage localities to “promote innovation in data element-related technologies and industrial applications” and expressly call on Zhejiang Province to boost R&D. Being one of the most developed provinces in China and also home to e-commerce giant Alibaba, Zhejiang is an ideal region for data-related experimentation. In addition, Hainan Free Trade Port and the other 21 free trade zones opened in the past 10 years are expected to enjoy similar policies as Zhejiang.
Although not quite the source of knowledge that is ChatGPT, the Opinions still leave much to chat about in the data space going into 2023!
Linklaters Zhao Sheng’s Tech and Data Solutions Team wish everyone a happy new year!