China has recently announced a new set of rules for various companies to further improve its domestic data security measures, reported the South China Morning Post (SCMP). This is part of the Chinese government’s data governance framework to strengthen its critical information infrastructure.
The State Council released the new regulations governing companies under the telecommunications, energy, transport, finance, and defense sectors, which will closely monitor their cybersecurity.
The goal of the new rules is to strengthen the Chinese government’s control of domestic data, particularly its “critical information structure.” SCMP noted that this term is “included in China’s Cybersecurity Law” but it “lacks specific guidance.”
The new measures mandate industry regulators to create guidelines for determining key operators. They are also required to notify the companies and the State Council, while the public security department or the police ensure security.
China has been developing its data governance framework to enhance the security of what it considers important information. To do this, Beijing will be restricting businesses’ gathering and use of personal data, while supporting the use of less private and sensitive info for economic gain.
SCMP cited Linklater’s Alex Roberts, who said that the new measures “reveal the continuing emphasis that China’s top brass puts on protecting the most sensitive parts of the country’s digital networks.”
The 2017 Cybersecurity Law indicates that businesses that deal with information infrastructure are being closely monitored by the government because of the sensitive nature of data. According to the law, any flaws in such infrastructures could potentially have severe impacts on the nation, particularly in terms of security, public interest, and livelihoods.
Over the past months, the Cyberspace Administration of China (CAC) has been cracking down on various businesses including ride-hailing company Didi Chuxing. The watchdog has also imposed fines or restrictions against Meituan, Pinduoduo, and Alibaba.
In Didi’s case, some experts speculate that the company is was targeted by the CAC as it is considered an operator of key infrastructure, while others think that the scrutiny was brought by its data use and collection activities.
Meanwhile, Roberts says that the new rules still need some polishing. He commented, “The new rules fail, however, to definitively answer one of the biggest questions for the top management of multinational corporations since the advent of the Cybersecurity Law: Are we a critical information infrastructure operator?”
The series of anti-trust moves by the Chinese government has earned the ire of the stock market, evidently shown by the steep drop in Chinese tech stocks.