Hogan Lovells - Asia-Pacific Data, Privacy and Cybersecurity Guide 2025 - Flipbook - Page 20
20
· Data related to the security of overseas
energy resources, the security of strategic
sea lanes, and the safety of overseas citizens
and legal persons, or which could be used to
implement damage to China’s participation
in international economic and trade, cultural
exchanges, or to impose discriminatory
prohibitions, restrictions or other similar
measures on China, such as data describing
the production and transactions of special
items for international trade and the
equipping, use and maintenance of
special equipment;
· Data related to China’s actual or potential
interests in strategic new areas, including
outer space, the deep sea, and the polar
regions, such as undisclosed data related
to scientific research, development and
utilisation of outer space, the deep sea and
the polar regions, as well as data affecting
the safe passage of personnel in the
aforementioned areas.
· Data reflecting the research, development
and application of biotechnology, reflecting
ethnic group characteristics and genetic
information, related to major infectious
diseases, animal and plant epidemics,
biological laboratory safety, or which could
be used to create biological weapons or carry
out biological terrorist attacks, or related to
invasive alien species and biodiversity, such
as important biological resource data and
basic research data on microbial resistance;
· Data reflecting the overall situation or key
areas of economic operation and financial
activity, related to industrial competitiveness,
which may cause public safety incidents
or affect the safety of citizens’ lives, and
may trigger mass activities or affect
group emotions and perceptions, such as
undisclosed statistical data and the trade
secrets of key enterprises;
· Data reflecting the physical condition of the
national or regional population’s health,
Hogan Lovells
related to the spread and prevention of
disease, and related to food and drug safety,
such as data involving healthcare resources,
diagnosis and treatment mass population
and health management, disease control and
prevention, health rescue and protection,
specific drug experiments, and food
safety traceability;
· Other data which may affect the security of
the homeland, military, economy, culture,
society, technology, electromagnetic
space, network, ecology, resources, nuclear,
overseas interests, space, polar regions, deep
sea, biology, artificial intelligence, etc.;
· Other data which may cause serious harm
to economic operations, social order, or the
public interest.
Other than the above, there are also certain
industry regulations and “negative data lists”
(which outline the scope of important data
applicable to organisations located in free
trade zones) that could shed some light on
determining if certain types of data involved in
the organisations’ business will be identified as
important data.
The vagueness of the provisions relating
to important data and core data has been
troubling for multinational businesses seeking
to comply with the requirements of the DSL.
We expect to see further movement in 2025
as more industry regulators move to develop
catalogues of importance. The Ministry
of Industry and Information Technology
(MIIT) has implemented its Measures for
Data Security Management in the Field
of Industry and Information Technology
(Trial Implementation), with effect from
January 1, 2023. These measures call for data
classification, including the identification of
important data in the telecommunications
and industrial sector. The Measures for
Data Security Management of Banking and
Insurance Institutions, issued on December 27,
2024, by the National Financial Regulatory
