“The premise of safeguarding key data is to firstly identify it, which definitely cannot lean on human power forever as the data volume to be dealt with is astronomical,” he said.
This is about to change. Although he did not give details on how the process would be automated, the scientist stressed that the crux of the technology was to transform key data into objects that could be identified, registered, monitored, and reported by computers.
The accurate, comprehensive understanding of “key data” was to put it in the context of national security, he said. Key data is non-classified but likely to influence national security.
First, companies considered critical information infrastructure operators must store data collected in mainland China locally; and second, these firms must also undergo a security assessment for approval to send any of that data overseas.
However, more detailed explanations regarding “key data” were not provided at the time.
It has been formally laid down in the Data Security Law, but the concept still haunts foreign-funded companies and overseas-listed Chinese firms because of its vague definition and uneven local implementation.
In its annual white paper report released in June, the Japanese Chamber of Commerce and Industry in China urged Chinese authorities to provide further specific guidance on the implementation of laws and regulations related to cross-border data flow.
The chamber – representing more than 8,300 Japanese firms operating in China – said industries like information and communication, cars, aviation, as well as banking and finance, were most directly affected.
Companies in these sectors called on Beijing to promptly enact detailed enforcement guidelines, including clarifying the category of “key data” applied, the paper said.
In July, during a visit to the pilot free-trade zone in Shanghai, Chinese Premier Li Qiang emphasised that cross-border data flow and management were issues of great concern, and efforts should be made to explore a new managerial model.
“China has become one of the world’s strictest regulators and entered the era of strong data compliance,” He Jingjing, a researcher at the Chinese Academy of Social Sciences told mainland news outlet Caixin last month, referring to the roll-out of the Cybersecurity, Data Security and Personal Information Protection laws in recent years.
The three laws place the onus on companies to adopt measures to secure their data, including training staff to classify, back up and encrypt important data.
Technology-based identification is expected to ease their burden, but experts said this was not the main concern.
“The primary challenge is to make sure standards of defining ‘key data’ are scientific and rational,” Beijing-based data privacy lawyer Xiong Dingzhong told the Post.
“Once the standards are clarified, whether the identification work is done by humans or machines doesn’t matter much.”
Meanwhile, two documents – titled “Guidelines for identification of key data” and “Security requirements for processing of key data”- being drafted by authorities in Beijing to provide guidance are now nearing completion.
As for how data security related rules might affect research in areas seen as sensitive, such as nanotechnology or quantum physics, especially for projects involving international collaborations, many scientists said the influence would be relatively limited because scientific data was usually open for sharing.
“I am not concerned with such problems in my research,” a quantum communication professor in the southern city of Guangzhou said, but refused to elaborate because of the sensitivity of the issue.
“We have training on data processing and sharing regulations, and only declassified data can be used for international collaborations.”
The policymaking scientist said the laws were evolving with the times.
“International scientific collaboration is a type of normal activity, but in today’s context, it involves significant data transfer, and thus it’s imperative to ensure the safety of cross-border data.”