Shanghai’s data flow centre walks the talk, promises international standards, but China’s foreign firms need ‘faster, wider roll-out’
In a step towards freer cross-border data flows and to address the concerns of foreign businesses, Shanghai inaugurated a major data flow service centre in the Lingang free-trade zone on Sunday, with pledges to adopt internationally recognised standards.
The centre will seek data cooperation agreements with Singapore and New Zealand, as well as countries involved in Brics economic cooperation bloc and Beijing’s signature Belt and Road Initiative, with applications including electronic invoices and proof of payments, blockchain and digital identity mutual recognition.
On top of aligning with international practices, additional data flow scenarios are being trialled in Lingang, including “easier access” to overseas websites for foreigners who have checked into a designated hotel, as well as streamlined data exchanges for healthcare companies without the need to share raw data or sensitive personal information, according to the Jiefang Daily newspaper.
“It will explore ways to elevate services to match standards set out in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and the Digital Economy Partnership Agreement (DEPA),” Ding Rui, the centre’s director, told the newspaper, which is the official daily newspaper of the Shanghai committee of the Communist Party.
China’s Asia-Pacific trade deal, digital economy pact bids backed by New Zealand
China’s Asia-Pacific trade deal, digital economy pact bids backed by New Zealand
The centre is the first of its kind set up by Shanghai’s cyberspace administration to help entities navigate requirements for compliance at “minimal costs and time,” Ding added.
However, the vetting power would be held by the cyberspace watchdog, and the centre could only advise businesses and submit applications on their behalf.
China’s onerous, opaque data security structures that limit or prohibit outbound data transfers are perennial challenges facing foreign businesses.
Beijing has been pushed to loosen the shackles to balance security with business demands in its latest charm offensive to reassure and retain foreign firms amid a slump in foreign investment and an exodus of existing firms.
Gradual relaxation is a welcome move, walking the talk of Beijing’s pro-business rhetoric
In recent weeks, President Xi Jinping and other leaders have received foreign business delegations, sending the clearest message yet that the world’s second-largest economy is open for business and working to address concerns and complaints.
Having incorporated feedback from a public consultation, the Cyberspace Administration of China published the long-awaited rules on facilitating and standardising cross-border data flows in March, with some relaxations including exemptions for certain scenarios and the flexibility for areas like Lingang to publish negative lists to simplify procedures.
And the new centre in Lingang is set to be at the forefront of data classification and formulation of lists and protocols to handle important data.
“Gradual relaxation is a welcome move, walking the talk of Beijing’s pro-business rhetoric, but foreign firms want implementation details and faster, wider roll-out,” said Yan Shaohua, an international studies researcher at Fudan University in Shanghai.
“They want to see how the Lingang centre will benchmark services against CPTPP and DEPA standards.”
Tesla, Porsche chip in as Shanghai allays cross-border data flow ‘sore point’
Tesla, Porsche chip in as Shanghai allays cross-border data flow ‘sore point’
The high-level CPTPP Asia-Pacific trade deal includes binding provisions restricting data localisation and imposing requirements on cross-border transfer.
It also prohibits a member from requiring a business to use or locate computing facilities in the territory as a condition for conducting business.
China has applied to join the CPTPP and DEPA, but clauses concerning data transfer and the location of computing facilities have been flagged as the most problematic areas, said Zhao Jingwu, a law professor at Beihang University in Beijing, said in a report.
Fudan’s Yan added his survey of European companies in Shanghai found many were unsure if widely-deployed workarounds for easier data transfer and access, like the use of VPNs to circumvent China’s Great Firewall, would attract fines or punishments.
China’s ill-defined digital and data security laws mean uncertainty for years
“If the hotel room scenario for expats to access foreign websites is allowed, can the trial be expanded to workplaces?” asked Yan.
A 2023 survey by the American Chamber of Commerce in Shanghai showed 70 per cent of the 325 respondents labelled data transfer and processing restrictions, and other cybersecurity requirements, as a hindrance to business and the top regulatory challenge.
“China’s ill-defined digital and data security laws mean uncertainty for years, with significant confusion around interpretation and enforcement remain. Companies have been frustrated by the resultant operational inefficiencies and compliance costs,” the report said.
Shanghai, though, hopes the centre in Lingang can take the lead in experimenting with data flows for industries, including biomedicine, intelligent connected vehicles and financial management, as well as shipping and trade.
In January, Lingang announced a plan for a three-tiered regulation regime, with Tesla and Porsche’s China sales arm among the foreign businesses asked for their opinions.
