Advertisement
Singapore markets closed

  • Straits Times Index

    3,176.51
    -11.15 (-0.35%)
     

  • Nikkei

    37,068.35
    -1,011.35 (-2.66%)
     

  • Hang Seng

    16,224.14
    -161.73 (-0.99%)
     

  • FTSE 100

    7,869.01
    -8.04 (-0.10%)
     

  • Bitcoin USD

    64,039.88
    +341.54 (+0.54%)
     

  • CMC Crypto 200

    1,376.12
    +63.49 (+5.09%)
     

  • S&P 500

    5,001.04
    -10.08 (-0.20%)
     

  • Dow

    37,957.77
    +182.39 (+0.48%)
     

  • Nasdaq

    15,463.09
    -138.41 (-0.89%)
     

  • Gold

    2,405.30
    +7.30 (+0.30%)
     

  • Crude Oil

    83.00
    +0.27 (+0.33%)
     

  • 10-Yr Bond

    4.6190
    -0.0280 (-0.60%)
     

  • FTSE Bursa Malaysia

    1,547.57
    +2.81 (+0.18%)
     

  • Jakarta Composite Index

    7,087.32
    -79.50 (-1.11%)
     

  • PSE Index

    6,443.00
    -80.19 (-1.23%)
     

China pushes for security reviews of firms seeking to export user data

Reuters
Updated ·2-min read
FILE PHOTO: A sign above an office of the Cyberspace Administration of China (CAC) is seen in Beijing

BEIJING (Reuters) -China's top internet regulator on Friday published draft guidelines that will subject companies with more than 1 million users in the country to a security review before they can send user-related data abroad.

The Cyberspace Administration of China (CAC) said in a statement that the security review requirement would also be applied to firms if their data is collected and generated by operators of "critical information infrastructure," or if the data to be sent overseas contains "important" information.

Companies that have already sent abroad, or intend to send abroad, the personal information of more 100,000 users or "sensitive" personal information belonging to 10,000 users, would also be bound by the requirement, it said.

The proposed measures, which are open to public review until Nov. 28, come as Beijing tightens its grip on Chinese companies and the vast troves of data they control. It has passed new laws on data security and personal information protection.

ADVERTISEMENT

In July, the CAC also proposed that companies with more than 1 million users must report to the regulator for a security review before listing shares overseas, just days after suspending the initial public offering of ride-hailing giant Didi Chuxing over alleged data violations.

Last month, China’s industry ministry published draft rules aimed at bolstering its new data security law, including definitions of what it considered "core" and "important" data, for which cross-border transfers must receive approval.

The CAC also detailed on Friday what documents organisations needed to submit, and said that the security review should be completed in most cases within 45 days but under “complicated circumstances”, could require up to 60 days.

A successful security review would have a two-year validity period, but factors such as “changes in the legal environment of the country or region where the overseas receiver is located” could prompt a new review, according to the draft rules.

(Reporting by Yingzhi Yang, Brenda Goh and Eduardo Baptista; Editing by Christian Schmollinger and Gerry Doyle)