China’s top lawmaking body has begun reviewing draft data security legislation that legal experts say aims to protect individual privacy but also promote the use of government data.
It was submitted to the National People’s Congress Standing Committee for the first reading on Sunday, official news agency Xinhua reported.
The draft says that the state will protect “legitimate rights of individuals and organisations” over the use of their data, and “promote the development of the digital economy”, according to the report.
Yue Zhongming, spokesman for the NPC Legislative Affairs Committee, said late last year that the standing committee planned to finish the review by the end of 2020. Lawmakers usually vote on new legislation after three readings.
Liu Deliang, a law professor at Beijing Normal University, said a data security law was essential in China as the country sought to grow its digital economy.
came into force in China in 2017, it provides only broad objectives for data security.
According to Emmanuel Pernot-Leplay, who has a PhD in comparative data protection law from Shanghai Jiao Tong University, the goal of the new legislation would be to spell out the technical requirements for data protection and specify the rights and responsibilities of different stakeholders and regulators.
“Such a law should target both personal and non-personal data,” he said referring to the data of individuals and that of bodies like government and business.
China is speeding up development of its digital economy and pushing sectors like artificial intelligence and big data, but industry experts say that while it has been expanding, regulation has lagged behind.
The big data market in China could reach US$22.49 billion by 2023, according to a report by research firm the International Data Corporation last year.
Legal experts welcomed progress on the proposed legislation, saying a data security law could provide necessary support for individuals as well as business.
“For individuals, if their personal data is leaked or stolen, they will have legal protection when this law is implemented,” said Zeng Liaoyuan, an associate professor of information and communication engineering at the University of Electronic Science and Technology of China in Chengdu.
Pernot-Leplay said that if it was done properly, the legislation could help to significantly reduce data breaches.
But Zeng believed that the law would have the biggest impact on businesses because it promoted the use of government data.
The draft law calls on China to build a “standardised, interconnected, safe and controllable open platform” for government data.
“Companies can carry out such businesses, which is something that they couldn’t do before,” Zeng said. “It will also reduce business costs through sharing of government data.”
But some experts said the current draft was “too basic” and that further detail was needed.
One example was the part calling for government departments and industries to publish a list for “important data protection”, without saying what that was.
Liu, the law professor in Beijing, said the legislation should give a clear definition of “important data”. He was also concerned that inconsistencies with local regulations could lead to different standards across the country that may hurt industry growth.
The draft law also states that China will establish a data review system to safeguard national security.
Zeng noted that data security and national security were closely related, and data had become an important resource.
“Some data is related to national security, though ordinary people may not feel that way,” he said.