China issues draft regulations on data security and management

The Cyberspace Administration of China has issued draft regulations for consultation on Internet data security.

The draft regulations give some practical operational details on certain aspects of the Cybersecurity Law, Data Security Law (DSL) and Personal Information Protection Law, law firm Linklaters reports.

“The Draft Regulations build upon the general requirements for comprehensive systems and procedures for handling data in the DSL, and supplement these with requirements to employ techniques such as access controls and password protection. Platform businesses are mandated to comply with additional requirements (mainly from an antitrust perspective), including on disclosure of privacy practices and use of algorithms. Public consultation and, for large platforms, regulatory approvals, are required to implement certain rules and policies, which could significantly slow the ability of platforms to adjust data practices to new competitive and regulatory developments,” Linklaters say.

The draft Network Data Security Management Regulation was published on 14 November 2021. The consultation period closes on 13 December 2021.