New Chinese data security law and other rules affecting the country’s giant Internet industry are leaving companies fearful of accidental transgressions due to their ambiguity, company lawyers have said, reports Reuters.
The data security law, which goes into effect on the 1st of September, requires all companies in China to classify the data they handle into several categories and governs how such data is stored and transferred to other parties.
Key categories include “national core data” and “important data,” for which mishandling could carry a penalties of up to RMB 10 million ($1.5 million) or even a criminal charge.
Lawyers have told Reuters that the government has not yet provided definitions for these or given further details on what type of data may fall into which category. For example, the law says only that companies looking to transfer “important data” overseas must perform a security assessment each time.