China’s latest draft data security rules for the financial sector, released by the People’s Bank of China (PBOC), have drawn attention for their potential impact on the industry. However, experts assert that the proposed regulations are not intended to impose an additional compliance burden on companies. Instead, they aim to provide a clear and detailed data security regulatory framework that encourages data-based financial innovation while safeguarding data security.
Balancing innovation and data security
The draft rules come as a part of China’s ongoing efforts to establish a comprehensive data security regime for the financial sector. Rather than contradicting existing legislation, the proposed measures seek to articulate and refine provisions for the financial services industry. Alex Roberts, a tech and data counsel at Linklaters, a global law firm, emphasizes that the draft rules align with previous legislative trends without adding to the industry’s compliance burden.
Cross-border data management
One of the major concerns raised by the financial industry is whether cross-border financial information will face heightened scrutiny and result in increased compliance costs. However, the draft rules explicitly state that they do not impose additional compliance obligations in the area of cross-border data management, where the Cybersecurity Law and the Data Security Law already apply.
According to the draft rules, data collected within China, if required by laws and regulations, must be stored domestically. For data processors intending to provide such data to entities overseas, a data export safety assessment from cyberspace authorities is necessary. Moreover, financial institutions are prohibited from providing domestically stored data to international organizations and foreign financial authorities without approval from the central bank and other relevant regulators.
Global trends in data security
Lu Dingliang, a senior partner at Beijing Jingshi Law Firm, points out that the emphasis on cross-border financial data security in the draft rules aligns with global trends. Notably, the European Union and the United States have also implemented requirements for scrutinizing data exports. As such, foreign financial institutions operating in China are expected to adapt quickly, as similar requirements may already be in place in their home countries.
Promoting data governance and protection
The draft rules stress the importance of establishing a five-tier data classification system and implementing data protection measures that correspond to the level of sensitivity and importance of the data. Financial institutions, especially smaller ones, are encouraged to invest in their data management systems to comply with the regulatory requirements.
Tian Jiyun, a security expert at Beijing-based Dingxiang Technologies, believes that such investment will ultimately benefit the financial industry by driving the adoption of scientific data management systems. This will ensure financial data security and unlock the full potential of data as a crucial production factor.
Potential for future regulations
Colette Pan, a corporate partner at Shanghai-based Zhao Sheng Law Firm, notes that it would not be surprising to see more Chinese financial regulators introducing their own data security rules. The global trend of increased regulation aligns with international practices, reflecting the importance of data protection in an increasingly interconnected world.
China’s draft data security rules for the financial sector are poised to create a clear and robust regulatory framework that encourages data-based financial innovation while safeguarding data security. Through aligning with existing legislation and global trends, these regulations aim to strike a balance between promoting data-driven progress and ensuring compliance with stringent data protection measures. As financial institutions adapt to these rules, the long-term benefits of enhanced data governance and security are expected to significantly contribute to the growth and stability of China’s financial industry.