China’s vague ‘important data’ definition prompts EU talks • The Register

The European Union and China have launched an initiative aimed at addressing issues faced by European companies in the Middle Kingdom related to the transfer of non-personal data.

The effort goes by the very sexy name “Cross-Border Data Flow Communication Mechanism.”

The goal is to address concerns about China’s restrictive data export laws, which have left European businesses unsure about what they’re allowed to do with data collected in China – particularly in sectors like finance, pharma, automotive, and ICT.

The European Commission has specific concerns around vague language regarding China’s requirements to obtain security approvals for exports of all “important data.” Beijing has not offered a solid definition of that term – leaving Europeans concerned it could be applied broadly.

The initiative is intended to “focus on practical solutions.”

So far, efforts include “first discussions” between Sabine Weyand, director-general of DG Trade at the European Commission, and Cyberspace Administration of China (CAC) vice-minister Wang Jingtao.

The orgs aim to engage eventually at expert and technical levels, after first reviewing progress at a political level.

The mechanism is part of a broader 2023 agreement between EU and Chinese officials to facilitate data transfers and ensure compliance with Chinese data regulations.

Beijing has long sought to control how its domestic businesses store their data. It is known to take action – including pulling apps and blocking IPOs – against those on its naughty list.

In June of last year, the CAC instituted even tougher rules that required regulatory intervention when sending data abroad. Companies that move data describing over 100,000 individuals or handling information of over one million people were required to conduct risk assessments and file declarations.

The European Commission stated on Monday that the cross-border data transfer restrictions are “a major contributing factor to the declining confidence of European investors in China.”

It likely isn’t wrong. Many Western businesses have already left the nation. Yahoo! ditched its Chinese operations when the nation’s Personal Information Protection Law (PIPL), which regulates data storage, came into effect in 2021.

LinkedIn cited similar reasons when it left a month later.

While China is careful not to let customer data about its citizens leave its shores, it has a reputation for being happy to slurp up the data of other countries’ people.

For instance, TikTok admitted back in 2022 that some data about US-based users is transferred back to the Middle Kingdom.

Other countries have started to take notice. Earlier this month, Kakao Pay – a subsidiary of Korea’s WhatsApp analog Kakao – got in trouble with regulators for sharing the data of more than 40 million users with a subsidiary of Alipay, a company under the umbrella of Chinese-owned Alibaba. ®