A few days ago, the “Data Security Law of the People’s Republic of China” (hereinafter referred to as the “Data Security Law”) was officially passed and promulgated, and will come into force on September 1, 2021. What are the highlights of this law? What signals are revealed? What’s the significance? Communication Jun invites 5 experts to interpret it for you.
Shen Changxiang
member of China Engineering Academy
The “14th Five-Year Plan” proposes to activate the potential of data elements, promote the construction of a strong network country, accelerate the construction of a digital economy, a digital society, and a digital government, and use digital transformation to drive changes in production methods, lifestyles, and governance methods as a whole.
Data has become an emerging factor of production, a basic and strategic resource for the country, and the need for data security has become more and more prominent. Strengthening the protection of data security is not only related to the interests of everyone and every organization, but also closely related to economic and social development and national security, and its security must be fully protected.
The promulgation of the “Data Security Law” will help to further enhance the national data security assurance capability, help strengthen my country’s response to national security risks and challenges caused by data, and help comprehensively safeguard national sovereignty, security and development interests.
To strengthen data security protection, we must adhere to active prevention, build a data-in-depth defense protection system based on hierarchical protection, and strengthen trusted immunity and active protection to ensure that data is credible, controllable, and manageable.
The first is to strengthen the overall protection of data resources, environment and systems, and to build a multi-protection and multi-level interconnected architecture to ensure the credibility of the data processing environment; the second is to strengthen the control of processing procedures, prevent internal attacks, and improve the self-immunity capability of computing nodes; It is to strengthen the security mechanism at the global level, formulate data control strategies, sort out the data processing process, and establish a new safe data processing model; the fourth is to strengthen the security management supported by the technology platform, based on the security strategy, and business processing, monitoring and daily management. The system is organically combined, and both technical management and whole-process management are implemented.
Li Fenghua
Second-level researcher of the Institute of Information Engineering, Chinese Academy of Sciences, director of the Seventh Applied Engineering Department
Data is a basic national strategic resource. The Data Security Law elevates data security to the level of national security, clarifies the scope of data, data processing, and data security, clarifies the main responsibility for data security protection, and regulates national administrative departments, The responsibilities and powers of enterprises and individuals lay the foundation for data security protection.
From the perspective of the full life cycle of data, the “Data Security Law” clarifies the data collection, storage, use, processing, transmission, provision, disclosure and other links, for the follow-up law enforcement inspection, standard formulation, enterprise data security protection, personal rights protection and other aspects have pointed out the direction, and will promote the application of relevant technical means in different links.
In order to further implement the “Data Security Law”, enterprises should strengthen the self-regulation of data security in the future, and the law enforcement supervision of the national administrative department should be organically combined with the self-regulation of enterprises to promote the orderly use of data.
It is necessary to strengthen the construction of the data security standard system, widely absorb the opinions of national administrative departments, enterprises, scientific research institutions and individuals, balance the concerns of various stakeholders, improve the effectiveness of law enforcement, promote the legal and compliant use of data by enterprises, reduce Enterprise protection costs, ensure that the protection of personal rights and interests is effective and traceable, fully mobilize the enthusiasm of all stakeholders in the whole society, and truly promote the effective implementation of the “Data Security Law”.
Li Jianhua
Dean and Professor, Institute of Cyber Security Technology, Shanghai Jiao Tong University
As my country’s first law related to data security, the “Data Security Law” has undergone three reviews and revisions since June 28, 2020. During this period, it has continued to attract widespread attention from all walks of life. The promulgation of this law marks that my country’s legal gap in the field of data security has been effectively filled, and the data security construction and supervision work of various industries in my country will enter a new era with laws to abide by and laws to abide by.
The “Data Security Law” clearly puts forward the work direction of promoting data security by insisting on data development and utilization and industrial development. specific requirements have been put forward. At the same time, further emphasis has been made on the construction of security mechanisms in the open sharing of government affairs data and the punishment for illegal crimes.
The “Data Security Law” not only clarifies the supervisory responsibilities of data security authorities, but also actively promotes the establishment and improvement of the data security collaborative governance system. The law has necessary expanded the scope of data protection, effectively enhanced the country’s ability to ensure data security, and will also significantly strengthen the security of data in the development, utilization, exit and free flow of other links, so as to effectively To improve the value of data utilization, it will also inject new power into the development and innovation of the digital economy.
The “Data Security Law” will vigorously promote the realization of the tasks and objectives of safeguarding national sovereignty, national security, and national interests, as well as safeguarding the legitimate rights and interests of all citizens and organizations in data. It will also become a powerful guarantee for the successful transformation and healthy and safe development of my country’s digital economy.
Huang Peng
Deputy Chief Engineer and Director of Information Policy Institute, National Industrial Information Security Development Research Center, Senior Engineer
The “Data Security Law” reflects the country’s high attention to the field of data security. Its main highlights include the following aspects:
The first is to pursue a dynamic balance between maintaining data security and guiding the development of the digital economy. The law focuses on prominent issues in the field of data security, and proposes data security systems, data security protection obligations, government data security and openness, etc., to ensure that data activities meet security requirements.
At the same time, the law incorporates the concept of developing the digital economy, promotes the open use of government data, uses data to improve the intelligence level of public services, and fosters a data trading market. Therefore, the law generally embodies the basic concept of the country’s overall development and security.
The second is to pay more attention to the construction of data security system. The law stipulates the data security system as a separate chapter, clearly proposes a data classification and grading protection system, determines the specific catalogue of important data, and proposes a new concept of core data. By clarifying data security risk assessment, reporting, information sharing, monitoring and early warning mechanism, emergency response mechanism, security review system, export control system, etc., strengthen the construction of internal control system to prevent and control data security risks.
The third is to strengthen the overall planning of national data security work, and determine the main body of industry security responsibility, supervision and overall coordination. The law re-clarifies the supervisory responsibilities, determines the main responsibilities of each region and each department, and the network information department plays the role of overall planning and coordination. Security agencies, etc. shall undertake the supervisory responsibilities within the relevant scope of responsibilities. By clarifying the overall coordination functions at the national level, ensure the effective implementation and implementation of subsequent national data security strategies and major guidelines and policies.
Fourth, increase penalties for data leakage activities that endanger national security. The law increases the penalties for violating the national core data management system, and imposes a fine of up to 10 million yuan for those who endanger national sovereignty, security and development interests and illegally provide important data overseas. Therefore, the law sets a basic “red line” for data security risks, and once a data breach endangers national security, it will face huge fines.
As the basic law in the data field, the “Data Security Law” is the legal basis for the national strategy of data elements. The future development of the data element market will truly have laws and rules to follow.
Jiang Wei
Deputy Director (in charge of the work), Researcher, Institute of Cyber Security, China Academy of Cyberspace
There can be no national security without data security. Data security has become a major issue related to national security, economic and social development, and the vital interests of the broad masses of the people. The formulation and implementation of the “Data Security Law” is the need to thoroughly implement the spirit of General Secretary Xi Jinping’s important instructions and the Party Central Committee’s decision-making and deployment, to safeguard national security and the vital interests of the general public, and to comprehensively improve the legalization of national data protection work. , is of great significance.
The first is an important measure to build a national security legal system. The “14th Five-Year Plan” proposes to speed up data legislation work on data security and personal information protection. Data security is directly related to national security and economic security. The Party Central Committee attaches great importance to this and has made a series of arrangements to strengthen data security and promote digital development. The formulation and implementation of the “Data Security Law” is of great significance for accelerating the construction of the data rule of law and improving the national security legal system.
The second is an important measure to safeguard national security and the interests of the people. Data is the country’s basic strategic resource and core competitiveness. As the basic law in the field of data security, the “Data Security Law” implements the overall national security concept, focuses on hidden risks in the field of data security, establishes a national data security work coordination mechanism, establishes data security risk assessment, reporting, information sharing, monitoring and early warning Establish a data security emergency response mechanism, establish basic systems such as data security review, and strengthen the protection of national interests, public interests, and the legitimate rights and interests of individuals and organizations.
The “Data Security Law” further enhances the national data security guarantee system and capacity building, promotes the formation of a new pattern of data governance that is safe, orderly, fair and reasonable, effectively and comprehensively safeguards national sovereignty, security and development interests, and allows the people to enjoy the benefits of informatization development. More sense of gain, happiness, and security.
The third is an important measure to promote the high-quality development of the digital economy. Humanity has fully entered the era of digital economy, and data, as a new factor of production, has become the core foundation of the digital economy. Security is the premise of development, development is the guarantee of security, and data security is the foundation for the healthy development of the digital economy. The “Data Security Law” adheres to the unity of innovation and development and ensuring security. While regulating data activities, it strives to create a favorable environment for technological innovation and industrial development in the digital economy, and promote the high-quality development of the digital economy with data as the key element.
A few days ago, the “Data Security Law of the People’s Republic of China” (hereinafter referred to as the “Data Security Law”) was officially passed and promulgated, and will come into force on September 1, 2021. What are the highlights of this law? What signals are revealed? What’s the significance? Communication Jun invites 5 experts to interpret it for you.
Shen Changxiang
member of China Engineering Academy
The “14th Five-Year Plan” proposes to activate the potential of data elements, promote the construction of a strong network country, accelerate the construction of a digital economy, a digital society, and a digital government, and use digital transformation to drive changes in production methods, lifestyles, and governance methods as a whole.
Data has become an emerging factor of production, a basic and strategic resource for the country, and the need for data security has become more and more prominent. Strengthening the protection of data security is not only related to the interests of everyone and every organization, but also closely related to economic and social development and national security, and its security must be fully protected.
The promulgation of the “Data Security Law” will help to further enhance the national data security assurance capability, help strengthen my country’s response to national security risks and challenges caused by data, and help comprehensively safeguard national sovereignty, security and development interests.
To strengthen data security protection, we must adhere to active prevention, build a data-in-depth defense protection system based on hierarchical protection, and strengthen trusted immunity and active protection to ensure that data is credible, controllable, and manageable.
The first is to strengthen the overall protection of data resources, environment and systems, and to build a multi-protection and multi-level interconnected architecture to ensure the credibility of the data processing environment; the second is to strengthen the control of processing procedures, prevent internal attacks, and improve the self-immunity capability of computing nodes; It is to strengthen the security mechanism at the global level, formulate data control strategies, sort out the data processing process, and establish a new safe data processing model; the fourth is to strengthen the security management supported by the technology platform, based on the security strategy, and business processing, monitoring and daily management. The system is organically combined, and both technical management and whole-process management are implemented.
Li Fenghua
Second-level researcher of the Institute of Information Engineering, Chinese Academy of Sciences, director of the Seventh Applied Engineering Department
Data is a basic national strategic resource. The Data Security Law elevates data security to the level of national security, clarifies the scope of data, data processing, and data security, clarifies the main responsibility for data security protection, and regulates national administrative departments, The responsibilities and powers of enterprises and individuals lay the foundation for data security protection.
From the perspective of the full life cycle of data, the “Data Security Law” clarifies the data collection, storage, use, processing, transmission, provision, disclosure and other links, for the follow-up law enforcement inspection, standard formulation, enterprise data security protection, personal rights protection and other aspects have pointed out the direction, and will promote the application of relevant technical means in different links.
In order to further implement the “Data Security Law”, enterprises should strengthen the self-regulation of data security in the future, and the law enforcement supervision of the national administrative department should be organically combined with the self-regulation of enterprises to promote the orderly use of data.
It is necessary to strengthen the construction of the data security standard system, widely absorb the opinions of national administrative departments, enterprises, scientific research institutions and individuals, balance the concerns of various stakeholders, improve the effectiveness of law enforcement, promote the legal and compliant use of data by enterprises, reduce Enterprise protection costs, ensure that the protection of personal rights and interests is effective and traceable, fully mobilize the enthusiasm of all stakeholders in the whole society, and truly promote the effective implementation of the “Data Security Law”.
Li Jianhua
Dean and Professor, Institute of Cyber Security Technology, Shanghai Jiao Tong University
As my country’s first law related to data security, the “Data Security Law” has undergone three reviews and revisions since June 28, 2020. During this period, it has continued to attract widespread attention from all walks of life. The promulgation of this law marks that my country’s legal gap in the field of data security has been effectively filled, and the data security construction and supervision work of various industries in my country will enter a new era with laws to abide by and laws to abide by.
The “Data Security Law” clearly puts forward the work direction of promoting data security by insisting on data development and utilization and industrial development. specific requirements have been put forward. At the same time, further emphasis has been made on the construction of security mechanisms in the open sharing of government affairs data and the punishment for illegal crimes.
The “Data Security Law” not only clarifies the supervisory responsibilities of data security authorities, but also actively promotes the establishment and improvement of the data security collaborative governance system. The law has necessary expanded the scope of data protection, effectively enhanced the country’s ability to ensure data security, and will also significantly strengthen the security of data in the development, utilization, exit and free flow of other links, so as to effectively To improve the value of data utilization, it will also inject new power into the development and innovation of the digital economy.
The “Data Security Law” will vigorously promote the realization of the tasks and objectives of safeguarding national sovereignty, national security, and national interests, as well as safeguarding the legitimate rights and interests of all citizens and organizations in data. It will also become a powerful guarantee for the successful transformation and healthy and safe development of my country’s digital economy.
Huang Peng
Deputy Chief Engineer and Director of Information Policy Institute, National Industrial Information Security Development Research Center, Senior Engineer
The “Data Security Law” reflects the country’s high attention to the field of data security. Its main highlights include the following aspects:
The first is to pursue a dynamic balance between maintaining data security and guiding the development of the digital economy. The law focuses on prominent issues in the field of data security, and proposes data security systems, data security protection obligations, government data security and openness, etc., to ensure that data activities meet security requirements.
At the same time, the law incorporates the concept of developing the digital economy, promotes the open use of government data, uses data to improve the intelligence level of public services, and fosters a data trading market. Therefore, the law generally embodies the basic concept of the country’s overall development and security.
The second is to pay more attention to the construction of data security system. The law stipulates the data security system as a separate chapter, clearly proposes a data classification and grading protection system, determines the specific catalogue of important data, and proposes a new concept of core data. By clarifying data security risk assessment, reporting, information sharing, monitoring and early warning mechanism, emergency response mechanism, security review system, export control system, etc., strengthen the construction of internal control system to prevent and control data security risks.
The third is to strengthen the overall planning of national data security work, and determine the main body of industry security responsibility, supervision and overall coordination. The law re-clarifies the supervisory responsibilities, determines the main responsibilities of each region and each department, and the network information department plays the role of overall planning and coordination. Security agencies, etc. shall undertake the supervisory responsibilities within the relevant scope of responsibilities. By clarifying the overall coordination functions at the national level, ensure the effective implementation and implementation of subsequent national data security strategies and major guidelines and policies.
Fourth, increase penalties for data leakage activities that endanger national security. The law increases the penalties for violating the national core data management system, and imposes a fine of up to 10 million yuan for those who endanger national sovereignty, security and development interests and illegally provide important data overseas. Therefore, the law sets a basic “red line” for data security risks, and once a data breach endangers national security, it will face huge fines.
As the basic law in the data field, the “Data Security Law” is the legal basis for the national strategy of data elements. The future development of the data element market will truly have laws and rules to follow.
Jiang Wei
Deputy Director (in charge of the work), Researcher, Institute of Cyber Security, China Academy of Cyberspace
There can be no national security without data security. Data security has become a major issue related to national security, economic and social development, and the vital interests of the broad masses of the people. The formulation and implementation of the “Data Security Law” is the need to thoroughly implement the spirit of General Secretary Xi Jinping’s important instructions and the Party Central Committee’s decision-making and deployment, to safeguard national security and the vital interests of the general public, and to comprehensively improve the legalization of national data protection work. , is of great significance.
The first is an important measure to build a national security legal system. The “14th Five-Year Plan” proposes to speed up data legislation work on data security and personal information protection. Data security is directly related to national security and economic security. The Party Central Committee attaches great importance to this and has made a series of arrangements to strengthen data security and promote digital development. The formulation and implementation of the “Data Security Law” is of great significance for accelerating the construction of the data rule of law and improving the national security legal system.
The second is an important measure to safeguard national security and the interests of the people. Data is the country’s basic strategic resource and core competitiveness. As the basic law in the field of data security, the “Data Security Law” implements the overall national security concept, focuses on hidden risks in the field of data security, establishes a national data security work coordination mechanism, establishes data security risk assessment, reporting, information sharing, monitoring and early warning Establish a data security emergency response mechanism, establish basic systems such as data security review, and strengthen the protection of national interests, public interests, and the legitimate rights and interests of individuals and organizations.
The “Data Security Law” further enhances the national data security guarantee system and capacity building, promotes the formation of a new pattern of data governance that is safe, orderly, fair and reasonable, effectively and comprehensively safeguards national sovereignty, security and development interests, and allows the people to enjoy the benefits of informatization development. More sense of gain, happiness, and security.
The third is an important measure to promote the high-quality development of the digital economy. Humanity has fully entered the era of digital economy, and data, as a new factor of production, has become the core foundation of the digital economy. Security is the premise of development, development is the guarantee of security, and data security is the foundation for the healthy development of the digital economy. The “Data Security Law” adheres to the unity of innovation and development and ensuring security. While regulating data activities, it strives to create a favorable environment for technological innovation and industrial development in the digital economy, and promote the high-quality development of the digital economy with data as the key element.
The Links: SKKT 570/18 E FF400R07KE4
