Draft cyber law requires annual security check for outbound data providers: watchdog
China’s top cyber authority on Tuesday released a draft law that would require firms exporting data to undergo an annual security assessment, in the latest of several recent safeguards against threats such as hacking and terrorism.
Any business transferring data of more than 1,000 gigabytes or affecting over 500,000 users will be assessed on its security measures and on the potential of the data to harm national interests, showed the draft from the Cyberspace Administration of China.
The law would ban the export of any economic, technological or scientific data whose transfer would pose a threat to security or public interests.
It would also require firms to obtain the consent of users before transmitting data abroad, according to the draft, Reuters reported.
The draft law aims to safeguard security of personal information and “significant data,” which means information and data that is closely related to national security, economic development and public interest.
The proposed law, which focuses on personal information security, comes just a day after reports that the Beijing municipal government is offering rewards of between $ 1,500 and $ 73,000 for citizens who report suspected spies.
It is also an extension of legislation passed in November 2016 formalizing a range of regulations over firms that handle data in industries the government considers critical to national interests.
Chinese officials stressed that the Cybersecurity Law enacted in November follows international practices and does not target foreign firms.
Under the rules released on Tuesday, sensitive geographic data, such as information on marine environments, would also be scrutinized.
The draft is open for public comment until May 11.