Data Export From China

In a law conference on September 28, 2017, I would mention about Mainland China's Cybersecurity Law 2016 that came into effect on June 1, 2017, impacting on network operators having cyber activities in Mainland China. The Law safeguards Mainland China's network security, cyberspace sovereignty, national security, societal public interest, informational development, and public-private governance. The Law's seven Chapters and 79 Articles codify and consolidate Mainland China's internet usage and data management rules, and make transparent Mainland China's cybersecurity goals, strategies, and execution.

In line with regional and international standards and norms, the Law covers personal information and data protection. Owners, managers and service providers of any system comprised of computers or other information terminals and related equipment that collects, stores, transmits, exchanges or processes information following certain principles and rules have to comply with the Law (Chapters 3, 4 & 7). The Cybersecurity Administration of China is Mainland China's principal enforcing agency.

The Law's key protection focuses on public communication, information services, energy, transport, water, finance, public services and electronic governmental services (Article 31). Personal information sufficient to identify a natural person or other important data collected or generated within Mainland China should be stored within Mainland China. If actual business needs require it to be supplied outside of Mainland China, its security assessment should follow the relevant laws, rules or methods (Article 37).

By enacting the Cybersecurity Law 2016, Mainland China secures its cyberspace sovereignty, protects its critical information infrastructure and individual privacy, facilitate network operators to prevent cybercrimes. Serious non-compliance sanctions include suspension of the relevant business, shutting down of websites, revocation of business permits and opeation licences and a maximum fine of $1Million RMB (Article 64). The grace period for network operators to comply with the Mainland Chinese information and data storage requirement will end by the year of 2018!