The European Union and China have launched an initiative aimed at addressing issues facing European companies in China relating to the transfer of non-personal data.
This initiative has a very appealing name: “Cross-border Data Flow Communication Mechanism.”
The aim is to address concerns about China’s restrictive data export laws, which have left European companies uncertain about what they can do with data collected in China, particularly in sectors such as finance, pharmaceuticals, automotive and ICT.
The European Commission is particularly concerned about vague language regarding China’s requirement that all “sensitive data” exports receive national security approval – Beijing has not provided a clear definition of the term and European countries worry it could be applied too broadly.
The initiative aims to “focus on practical solutions.”
Initiatives so far have included “initial discussions” between Sabine Weyand, Director-General for Trade at the European Commission, and Wang Jingtao, Deputy Director-General of the Cyberspace Administration of China (CAC).
These organisations aim to first review progress at the political level and then eventually engage at the expert and technical levels.
The mechanism is part of a broader agreement signed in 2023 between EU and Chinese authorities to facilitate data transfers and ensure compliance with China’s data regulations.
The Chinese government has long sought to control how domestic companies store data, and is known for taking measures against companies on problematic lists, including suspending apps and blocking initial public offerings.
Last June, the CAC enacted tougher rules requiring regulatory intervention when sending data overseas: companies transferring data on more than 100,000 individuals or handling information on more than one million people will now be required to carry out risk assessments and submit declarations.
The European Commission said on Monday that restrictions on cross-border data transfers are “a key factor undermining European investors’ confidence in China.”
That’s probably not wrong. Many Western companies have already left the country. Yahoo! The company ceased operations in China when the Personal Information Protection Law (PIPL), which regulates data storage, came into effect in 2021.
LinkedIn pulled out a month later, citing similar reasons.
China is careful to prevent its citizens’ customer data from leaving the country, but it is known to be happy to siphon off data from other countries.
For example, TikTok acknowledged in 2022 that some data about U.S.-based users was being transferred to China.
Other countries are starting to take notice: Earlier this month, Kakao Pay, a subsidiary of South Korea’s WhatsApp equivalent, got into trouble with regulators for sharing data on more than 40 million users with a subsidiary of Alipay, a company owned by China’s Alibaba.®
