China’s Draft Cybersecurity Measures Suggest Increased Focus on Data Security


On 28 May 2019, the Cyberspace Administration of China (CAC) released the “Data Security Management Measures (Draft for Comments)” (Draft Measures) (unofficial English translation here), containing detailed rules to expand regulations beyond the Cybersecurity Law 2016, which came into effect on 1 June 2017. The Draft Measures mainly focus on protective measures for personal information and “important data,” which affects national security, economic security, social stability, and public health and safety.

The new measures also adopt a broad EU-style definition of personal information, require user’s explicit consent for data collection and use, registration of collection of important or sensitive data, government approval for certain cross-border data transfers, and breach notification to Chinese regulatory authorities and affected individuals.

Show More