China wants to fine-tune personal data protection, but doors to government access remain open

New guidelines will help to ’clear out some grey zones’ in existing data law, analysts say, but point out lack of clear checks on government use

Reading Time:4 minutes

Why you can trust SCMP

China’s focus on protecting critical data aims to impose stricter limits on how companies collect and utilise sensitive personal information, while promoting the free flow of less sensitive data to unlock its economic potential. Photo: Shutterstock

Xinlu Liangin Beijing

Published: 12:00pm, 15 Jun 2024Updated: 8:35pm, 15 Jun 2024

China is seeking public feedback on revising its guidelines for identifying sensitive personal information.

Analysts said the revised rules could help companies better protect individual privacy, but stop short of limiting government access to personal data.

A draft guideline for the revision, outlining identification methods and offering common categories and examples, was released by China’s cybersecurity standardisation and data protection agency on Tuesday.

The guidelines aim to act as a reference point for “organisations in the processing, cross-border transfer, and protection of sensitive personal information”, the National Cybersecurity Standardisation Technical Committee said in releasing the draft on its website.

China’s sweeping Personal Information Protection Law, in effect since November 2021, and Data Security Law, issued in September that year, are part of a broader drive to develop China’s digital economy amid rising national security concerns.

These concerns, according to the state security ministry, include the risk of data leaks, cyberattacks and data manipulation that impact the economy and military.