A decisive majority of European companies has expressed a desire for China’s cybersecurity regulators to clarify legislation on cross-border data transfers to mitigate uncertainties in business operations and reduce compliance costs, according to survey results published on Wednesday.
The poll, conducted by the European Union Chamber of Commerce in China, showed that 81 per cent of participating companies would like further clarification on what constitutes “important data”, 59 per cent wanted the same for “personal information” and 39 per cent were hazy on the definition of “critical information infrastructure”.
Each of these terms appears prominently in the text of pertinent regulations, and an acute understanding of their meaning is essential for adherence.
Of the chamber’s more than 1,700 member companies, 762 were asked 19 questions from October 16 to 27. The poll was administered as Beijing intensifies its efforts to build a framework for data security through legislation, viewed as crucial for boosting the country’s digital economy and safeguarding national security.
“European companies would welcome more clarity on key terms related to cross-border data transfer, including precise definition of both ‘important data’ and ‘personal information’”, the chamber said in its published report on the survey.
07:30
Why China is tightening control over cybersecurity
Why China is tightening control over cybersecurity
Additionally, 41 per cent of companies in the survey said they would prefer any proposed new rules on cross-border data transfers to be synchronised with existing statutes.
To improve data regulation, China issued draft regulations on standardising and promoting cross-border data flows in September and closed the window for public comment a month ago. It provided a list of exemptions for security checks in transferring “important data” and personal information overseas, a move intended to alleviate worries over compliance.
However, the survey showed “a strong desire” for the exemption to be extended to personal information processing.
China’s ‘crisis of confidence’ curable, EU business head says in call to action
China’s ‘crisis of confidence’ curable, EU business head says in call to action
The vast majority of information flowing out of China consists of internal transfers to companies’ headquarters or other regional offices, the chamber said.
“These types of transfers pose a relatively low level of data security risk as companies can apply uniform data protection mechanisms both on the side of the sender and the recipient,” it added.
The chamber also said some requirements are too stringent, which are likely to cause additional operational burdens.
“These include regulatory security assessment thresholds that are relatively low, especially for larger multinational companies that handle large volumes of customer or employee data; and the fact that data handlers may be unable to sign standard contracts or be certified for the cross-border handling of personal information once a regulatory security assessment has been triggered,” it said.
02:54
French and EU leaders visit China to discuss trade and the Russia-Ukraine war
French and EU leaders visit China to discuss trade and the Russia-Ukraine war
Per the survey, 59 per cent of companies have seen a rise in compliance costs, and 31 per cent said they have had to improve their data security management.
But the impact of regulations on companies’ business strategy has been limited so far, the chamber said, and they also have had a positive impact on some businesses, as “31 per cent of respondents indicated that complying with them contributed to the strengthening of their own data protection mechanisms”.
Regulators were also asked to take more legitimate business needs into consideration and ensure a “positive spirit of opening up” is carried over to the sectoral rules.
‘We’re not optimistic’: China economists offer critical takes on FDI outlook
‘We’re not optimistic’: China economists offer critical takes on FDI outlook
At the same time, it has placed renewed emphasis on national security, bolstering data protections across major industries ranging from telecommunications to finance. Companies looking to do business in China have been flummoxed by what appear to be contradictory goals.
