After the 29th meeting of the Standing Committee of the National People’s Congress (NPCSC), China releases the full version of the PRC’s Data Security Law (DSL), ratified through the PRC President’s Order No. 84 on 10th June 2021. The law will come into force on 1st September 2021.

Some highlight changes from the 2nd draft we have noticed:

· Small changes in direction of the DSL:

         -Deletion of ‘protection of national sovereignty’ of the DSL scope, protecting ‘national security and development interests’ still remain (Article 1).

         -Engagement in international exchanges is narrowed with examples such as data security governance and data development and utilisation. Previously in the second draft, it was generally defined as ‘data area’ (Article 11).

          -‘People’s Governments at county provincial level or above shall incorporate digital economy development into their economic and social development plans’, this change removes some burden on lower level governments (Article 14).

-Re-classification of data and its protection mechanism:

Creation of National Data Security Work Coordination Mechanism (国家数据安全工作协调机制) that will coordinate data security (Article 5).

It will coordinate the important data catalogues (Article 21).

         -It will also coordinate relevant departments to strengthen the acquisition, analysis, research and judgment, and early warning of data security risk information. It is said that a more stringent management system will be implemented for these data  (Article 22).

Introduction of a new concept of national core data (国家核心数据), which is described as data related to national security, the lifeline of the national economy, important people's livelihood, and major public interests (Article 21).

         -In violation of the protection of national core data, the relevant department can pose a fine of not less than CNY 2 million but not more than CNY 10 million, and order the suspension of relevant business, suspend business for rectification, or revoke the relevant business license; if a crime is constituted, criminal responsibility shall be investigated in accordance with the law (Article 45).

          -New fines have been added as well to illegal cross-border transfer of important data: a fine between CNY 100,000 to CNY 1 million can be posed, in serious cases, retirement of business licence can be imposed. The direct person in charge and other directly responsible persons shall be fined between CNY 10,000 to CNY 100,000, or CNY100 to CNY 1 million in serious cases (Article 46).

The State’s new responsibilities:

         -responsibility of  promoting data security awareness to improve data security protection knowledge of the whole society, where originally it only aimed to create a data security coordinated mechanism (Article 9).

          -Protection clause to whistle-blowers’ information and rights is added to their right to report violations of the Law (Article 12) and another clause on the duty to information protection is placed upon public servants and government hired parties performing their duty (Article 37 & 40).

          -Public services shall consider the needs of the elderly and disabled and not exclude them (Article 15).

Please read or download The English version of China data Security Law in the following link

http://bestao-consulting.com/translated/detail/166

Any more information you would need on the topic, or any help on the purchase, please contact:

assistant@bestao-consulting.com