International Engagement and Diplomacy

[rabiakhatun939]

The Cyberspace Administration of China (CAC) plays a pivotal role in shaping and enforcing China's overseas data governance framework. As the central authority overseeing internet regulation, cybersecurity, and data governance, the CAC's responsibilities encompass both domestic oversight and the regulation of cross-border data flows.

Regulatory Framework and Oversight

The CAC has established a comprehensive legal framework to manage data transfers beyond China's borders. Key legislations include the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. These laws mandate that data processors conduct security assessments for cross-border data transfers, especially when dealing with "important data" or significant volumes of personal information. For instance, data handlers transferring personal information of over 1 million individuals or sensitive personal information of over 10,000 individuals annually are required to undergo security evaluations.
Reuters

In March 2024, the CAC introduced the "Regulations on chinese overseas europe database Promoting and Regulating Cross-Border Data Flows," which clarified scenarios exempt from security assessments. These exemptions include data transfers for international trade, academic cooperation, and human resources management, provided the data does not contain personal or important information. Additionally, Free Trade Zones are permitted to establish their own negative lists, allowing for more flexible data transfer arrangements within these zones.
State Council of China


Recognizing the global nature of data governance, the CAC actively engages in international dialogues to harmonize data transfer regulations. In August 2024, the European Union and China launched the Cross-Border Data Flow Communication Mechanism, aiming to address challenges European companies face regarding data transfers in China. This initiative seeks to facilitate the lawful and secure flow of non-personal data between the two regions.
and Economic Security

Furthermore, the CAC has signed declarations with countries like Germany to discuss cross-border data transfers, particularly in sectors such as automotive manufacturing. These agreements aim to establish mechanisms for ongoing dialogue and mutual understanding of data policies.
Reuters

Challenges and Global Implications

Despite these efforts, China's stringent data protection laws have raised concerns among international stakeholders. Major European research funding agencies, including the German Research Foundation and the Swedish Research Council, have suspended collaborative projects with China due to ambiguities in the Data Security Law. The law's lack of clear definitions for "important data" and the requirement for government approval before sharing such data with foreign entities have created legal uncertainties, hindering international research collaborations.
Reuters

Financial institutions have also expressed concerns. Executives from Neuberger Berman and Citi have called for China to further relax its data export regulations, emphasizing the importance of cross-border data sharing for global research and operational management.
Reuters


The Cyberspace Administration of China plays a central role in overseas data governance by establishing regulatory frameworks, overseeing cross-border data transfers, and engaging in international dialogues to harmonize data policies. While efforts have been made to clarify regulations and facilitate data flows, challenges remain, particularly concerning legal ambiguities and international collaboration. As global data governance continues to evolve, the CAC's actions will significantly influence China's integration into the international digital landscape.