A few days ago, Ministry of Industry and Information Technology issued the Measures for the Administration of Data Security in the Field of Industry and Information Technology (for Trial Implementation). It is required that the important data and core data collected and generated by data processors in the field of industry and information technology in China should be stored in China if there are domestic storage requirements in laws and administrative regulations. If it is really necessary to provide it to overseas, the data exit security assessment should be conducted according to laws and regulations.

Data is the core element of digital economy and has become an important strategic resource. Data exit from the country has risks, ranging from damaging national interests to infringing individual rights and interests. Data Security Law of the People’s Republic of China implemented last year proposed that competent departments of industry, telecommunications, transportation, finance, natural resources, health, education, science and technology should assume the responsibility of data security supervision in their own industries and fields. This time, Ministry of Industry and Information Technology has formulated and issued data security management measures according to law, which will accelerate the institutionalization and standardization of data security management in relevant fields.

The industrial and information fields are the key areas for the development of digital economy, and data security issues cannot be ignored. From the perspective of segmentation, on the one hand, the management measures issued this time clearly propose to carry out data sorting and grading protection and strengthen the full life cycle security obligations of data. On the other hand, it is clear to build a data security supervision system in the field of industry and information technology. This series of measures provide institutional guarantee for the industry data security supervision, guide data processors to improve data security management and technical protection measures, and fulfill the main responsibility of security protection.

In view of the increasingly important data sovereignty, data privacy and data cross-border circulation rules, the relevant regulatory authorities should conduct the security check for data exit from China according to law, and scan and check whether the indicators meet the standards. According to Data Exit Security Assessment Measures implemented this year, the data exit security assessment should achieve combination of pre-assessment and continuous supervision, and combination of risk self-assessment and security assessment. The focus of data exit security assessment is to assess the risks that data exit activities may bring to national security, public interests, and the legitimate rights and interests of individuals or organizations.

In the digital era, it is necessary to strengthen the normalized and precise supervision for the cross-border flow of normalized data. Improving the rules of data exit security assessment and clarifying the regulatory norms will promote the administrative supervision departments to administer according to law and have a targeted purpose. Only with effective supervision and proper supervision can the cross-border security and free flow of data be promoted and the data security barrier be built.