The Cyberspace Administration of China and other central government departments jointly issued a draft regulation on network data security recently, in another move to strengthen the rule of law. The draft regulation is aimed at helping data processing and digital enterprises to build a better data architecture and improve the data compliance system.

The more data the data processors have and the more accurate their recommendations are for internet platform operators, the higher will be their customers' loyalty. On the other hand, the more data they handle, the greater will be their responsibility to ensure data security and data compliance.

China has enacted the Network Security Law, the Data Security Law, and the Personal Information Protection Law in recent years, but fully implementing them remains a challenge.

Promoting data compliance, for example, means data processors know what to do and what not to do. According to the provisions of the Data Security Law and other laws and regulations, the Cyberspace Administration of China is responsible for the overall planning and coordination of network data security and supervision. The draft regulation not only makes clear the responsibilities of regulators, but also says what actions the data processors can take, and what their conduct and obligations should be.

The draft regulation proposes that internet platform operators solicit public opinions on their official websites and the views of platform industry associations before formulating platform rules, privacy policies or amending any rules that would have a significant impact on the rights and interests of users. Such a move will promote openness and transparency in data management.

The draft also stipulates that the internet platforms should not set unreasonable restrictions and obstacles through their rules, algorithms or technologies that would restrict small and medium-sized enterprises from accessing industry and market data generated by the platforms.

The draft also says that all kinds of mergers, reorganizations, dissolutions and bankruptcy, or overseas listing and other transactions by domestic enterprises are subject to data supervision, and those that meet the requirements will not only have to report to the regulatory authorities, but also carry out an annual data security assessment.

China has established a legal system to ensure data security, while strengthening data security supervision. Only by managing and protecting data at different levels can enterprises better fulfill their data security responsibility.