The Cyberspace Administration of China published a draft regulation on network data security management on its official website on Sunday soliciting public opinions. The laws on data security and cybersecurity have already come into effect, and the regulation, if cleared, will serve as a detailed directory on how to enforce the two laws.

For example, the Data Security Law says the State shall establish a data protection system based on classification and data from different levels. And the draft regulation states what such a system should be like. It classifies data into three categories－general data, important data and core data while listing what protective measures should be taken to safeguard different kinds of data.

Individuals' personal information and other important data will enjoy key protection, while core data will enjoy strict protection.

The draft addresses some key public concerns that have been there since the Data Security Law came into effect. For example, addressing the public's concern about better regulating internet giants that control personal information, the draft says the companies dealing with personal information of more than 1 million users must allow the authorities to review their operations if they hope to get listed on an overseas stock exchange. Similar checks will be mandatory for those wanting to list on the Hong Kong Stock Exchange irrespective of how many users' data they handle. This will help prevent internet giants from leaking customers' personal information to make profits.

The draft also addresses the problem with the terms and conditions a user has to accept to use a certain app or platform. They are usually so long that users generally tap on "Yes, I agree" without bothering to read the entire list of terms and conditions. The draft says data processors must follow guidelines while making clear how they will deal with the users' personal information and ensuring the details are easy to read and the content unambiguous. If any app developer continues with the old practice of obtaining users' agreement by default, it can invite trouble for violating the regulation.

We hope individuals' personal data will be better protected once the regulation is implemented.