Ensuring data security in electronic form (About the draft law of the People’s Republic of China “On data security”)

Abstract

Digital data is a new factor of production in the information age. In the context of the rapiddevelopment of the latest technologies, such as big data, artifi cial intelligence, cloud computing andblockchain, as well as the continuous development of the digital economy, digital data plays an important role in the development of enterprises. Data security issues affect the development of a countryand its security, are related to public interests, and are also closely related to the personal rights of its citizens. It is necessary to regulate data protection at the legal level.July 2, 2020 the website of the National People’s Congress published the Data Security Law of the People’s Republic of China (draft), which systematically refl ects the current national point of view on data security and development, noting the improvement of data security to the level of state security. Like the Cybersecurity Law, it is a component of the general concept of national security, belongs to the highest level of law and has the highest legal force. This law is of great strategic importance for building a data protection system in the PRC.As the main law in the fi eld of data security management ,the Data Security Law has made certain breakthroughs in the defi nition of the concept of data. The concept of data in the Data Security Law is not limited to network data, but includes information recorded in electronic form and in other ways; the necessary extraterritorial consequences are provided for in the draft Data Security Law, which is of great importance for the protection of national sovereignty and civil rights of the People’s Republic of China; the relationship between data security protection, data development and use is clarifi ed, and the status of data in the development of the digital economy is clarifi ed through legislation in order to fully demonstrate the economic value of data; the main body responsible for security, supervision and overall coordination has been created, the main responsibilities of various regions and departments have been increased, supervision responsibilities have been redistributed, which is more in line with the needs and current situation in data security supervision; a data classifi cation system has been established that promotes the relevant work of data security surveillance agencies; an appropriate mechanism has been created at the state level in the system of data security risk assessment, reporting, information exchange, monitoring and early warning; a data export control system and a mutual data protection system were created, as well as the construction of a cross-border data fl ow system of the PRC was standardized; data protection obligations in organizations and for individuals performing data operations and performing data protection duties were clarifi ed; adhere to the principles of security and development and provide measures to support and promote data security and development; institutional measures have been taken to ensure the security of government data.The draft law on data security contains a comprehensive concept of information security. The upcoming Law on Data Security will contain recommendations and basic principles for ensuring data security and development. All industries will have to pay attention to an integrated management system and various supporting provisions to ensure data security and development. Gradually, a favorable environment will be created for the effective use of data and safe development, which will signifi cantly contribute to the rapid development of informatization and digitization.The Data Security Law includes all types of information in the fi eld of protection. In the future, the Law on Data Security should pay attention to the Law on Cybersecurity, Law on State Security and Law on the Protection of Personal Information, which are under development, supplement and improve today’s relatively disparate legislation related to data security. The laws and regulations of the PRC on data security will be carefully developed on the basis of these three laws in order to fully implement the development, use of data and industrial development, thereby promoting new provisions in the creation of a legal data security system.