European firms urge China to give more clarity on data transfer laws

By Joe Cash

BEIJING (Reuters) – European firms “urgently” need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to waste millions of euros storing non-sensitive data in China.

The European Chamber of Commerce in China called on authorities to “provide precise definitions for both ‘important data’ and ‘personal information,'” as outlined in their rules, and also urged that a proposed relaxation of certain aspects of regulations announced in September be finalised as soon as possible.

The world’s second-largest economy has in recent years tightened its data laws amid President Xi Jinping’s increased focus on national security, and foreign firms fear their lack of clarity could trip them up.

“Ever since the Cybersecurity Law was introduced in 2017, we have gone without a clear definition of ‘Important Data.’ That’s six years,” Stefan Bernhart, a chamber vice president, said at the launch of a report based on a member survey on the impact of China’s data regulations.

BASF , Maersk , Siemens , and Volkswagen are among the members of the chamber.

“Many of the laws, guidelines and measures lack specificity, which poses serious operational and compliance challenges to European companies operating in China,” the report read, adding requirements like “regulatory security assessment thresholds” were too low, “especially for larger multinational companies.”

Jitters among foreign investors in China have risen over the past year due to a series of corporate raids, predominantly on consultancies and due diligence firms.

“Questions about whether or not I am on the right side of the law can be a huge, huge challenge,” Bernhart said, adding that it could make smaller firms in particular reconsider investing in China.

The chamber’s report echoes recent comments from a European Commission official, who said in September that European businesses were especially concerned about a lack of clarity in China’s data laws.

China in the same month also said it was considering waiving data export security assessments for activities such as international trade, academic cooperation, cross-border manufacturing and marketing that do not contain personal information or important data, a move that was welcomed by foreign business chambers and lawyers.

“The release of the draft … was seen as a signal from the Chinese Government that it is listening to businesses’ concerns and is ready to take steps to address them. Companies are waiting eagerly for these positive signals to be translated into action,” the chamber said, adding that its members anticipated the draft revisions would be finalised by the end of November.

The most common type of data European firms transfer abroad is employee’s personal information followed by suppliers’ and customers’ personal information, the survey showed, 96% of which is sent to companies’ headquarters and other regional offices.

A third of companies indicated it would cost them “several million euros” to store their data in China if they failed the cross-border transfer security assessment now required by CAC. More than 10 percent of firms said it would cost them “hundreds of millions of euros.”

Only 6% of respondents indicated that they transferred ‘important data’ overseas, the chamber said.

($1 = 0.9322 euros)

(Additional reporting by Brenda Goh; Editing by Kim Coghill)