XIAO DONGMEI: Data protection requires new system

By / 11-21-2016 / (Chinese Social Sciences Today)

In the information age, Big Data is a crucial production factor that is radically changing how people live, work and think. However, the flow of data also poses a challenge to national security because it can transcend any concrete and abstract barrier between countries.


With the largest number of Internet users in the world, China has advantages in terms of the sheer amount of data, but it lacks the ability to effectively collect, control and handle data. Currently, the hardware and software carriers of major domestic data are provided by foreign suppliers while the platform and tools for collecting data as well as analytic systems are also from overseas.


While enjoying the dividends brought about by Big Data, we should not overlook the negative externalities and pitfalls behind it. We must build a system for data protection and establish a boundary to prevent data risks that may threaten national security. 


Driven by dividends from data, the Unites States in 2012 became the first country to announce its plan for studying and developing Big Data. Soon after, the European Union, England, South Korea, Japan and China also began to implement national strategies and action plans on Big Data. A so-called data economy thus has come into being.


However, while Big Data is inspiring some to imagine great possibilities, it is also becoming a new paradise for cheaters, thieves and vicious hackers. Taking advantage of the large amounts of data, they can easily avoid punishment after committing a crime. After Edward Snowden exposed the PRISM surveillance program by the US National Security Agency, the world was shocked by the program’s scope.


Nevertheless, this case only reveals that the abuse and leakage of data is taking place every hour and moment. This event served as a wake-up call to other sovereign countries on data security, prompting a round of global legislation on data.


To safeguard data security, competition between countries has now expanded from technology to institutions. The European Union, which has always been strong in data protection, established the world’s first legal framework for data protection with the General Data Protection Regulation at its core.


Russia’s Personal Data Protection Law came into effect on Sept. 1, 2015. It requires any domestic or foreign companies to use servers based in Russia when collecting, processing and storing data related to Russian citizens.


Currently, it is a great challenge for China to build an efficient system for data protection. As indicated by Viktor Mayer-Schönberger in Big Data: A Revolution That Will Transform How We Live, Work and Think and proved by practice, in an age of big data, we need more than tinkering with existing regulations. A whole new system of regulations is necessary to counter risks brought about by data.


China’s National Security Law in 2015 for the first time proposed the concept of “cyberspace sovereignty,” aiming to ensure the security and control of the Internet and core information technologies, key infrastructure as well as the information systems and data in major areas. To formulate a full-fledged system for data protection, the first task is to decide the central aspects of regulations.


The first one is to define a negative list, prohibiting the collection, storage, processing and transaction of data related to national defense and military affairs as well as confidential information belonging to the Party and government. The second is the localization of data collection and storage, restricting the cross-border flow of some data.


The third is to adopt long-arm jurisdiction to extend the scope for data management and control. For instance, the EU General Data Protection Regulation applies if the data controller or processor, i.e. the organization, or the data subject, referring to the user, is based in the European Union. Furthermore, the regulation also applies to organizations based outside the European Union if they process personal data of EU residents.

 

Xiao Dongmei is professor and executive director of the Intellectual Property Institute at Xiangtan University in Hunan Province.