Receive free cybersecurity updates
we will send you myFT Daily Digest Email summary of latest information cyber security There is news every morning.
China has begun to loosen some of its strict cross-border data controls amid complaints from foreign businesses and a faltering economy.
China’s Cyberspace Administration of China published regulations late Thursday aimed at clarifying and simplifying the outbound transfer of data in normal commercial activities.
The move comes as Beijing seeks to reassure foreign businesses concerned about deteriorating U.S.-China relations and the growing influence of its own security agencies.
Under current security rules, the CAC has been reviewing a large number of data export requests submitted by foreign groups wishing to share “important data” abroad.
However, Graham Webster, a China expert at Stanford University’s Center for International Security and Cooperation, said the rules “created an untenable situation where people were unsure whether they should apply for data review and which data counted. important data”.
“These changes will create a clearer path for most data to be sent abroad,” he said.
The CAC’s new draft rules state that only data clearly classified as important by government agencies will need to be submitted for security review. The draft rules allow multinational companies to share employee records abroad, while personal information required for cross-border purchases or bookings can be sent without security clearance.
China’s tight controls, coupled with expanded counterintelligence laws that took effect in July, have prompted many foreign groups to start divesting their local IT systems and data. Many companies choose to fully localize data for fear of inadvertently transmitting sensitive material.
The CAC’s draft rules will be open for public comment until mid-October, and it’s unclear whether the changes will be enough to appease foreign companies.
The expanded counterespionage law remains in effect, with the Ministry of National Security pushing for a “whole-of-society” approach to security risks – encouraging all citizens to join the ministry’s counterintelligence fight – while ramping up domestic propaganda efforts.
This year, national security officials raided the offices of U.S. consulting firms including Bain & Company and Mintz Group, and police raids at Triumph Group were shown on prime time. Triumph Group is an expert network group that helps foreign investors conduct due diligence. Chips from US semiconductor giant Micron Technology have also been labeled as “serious cybersecurity risks” and banned from use in infrastructure.
“Security remains a major concern in China under Xi Jinping,” Webster said. “They’ve been sending mixed signals about collecting data and sending it abroad.”