On June 1th, 221, the NPC Standing Committee deliberated and passed the Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law), which came into effect on September 1st.

I. Concept

The Data Security Law is the first special law on data security in China, and it is also an important law in the field of national security.

II. Significance

As a part of the national security legal system, the data security law should not only solve the problem of insufficient supply of the existing data security system, but also meet the overall requirements of the overall national security concept and avoid excessive intervention in areas that should be regulated by other laws. Therefore, the data security law is a basic and framework law in the field of data security, which provides a basis for the formulation of supporting systems, norms and standards in various data fields.

iii. main contents

1. data security and development. At present, data has become one of the core production factors of China's digital economy, and its effective utilization is related to social and economic development, and at the same time it affects national security from micro to macro level.

2. Data security system. The Data Security Law defines six data security systems: (1) Data classification and classification and core data protection system. (2) Data security risk assessment and work coordination mechanism. (3) Data security emergency response mechanism. (4) Data security review system. (5) Data export control system. (6) the system of discrimination.

3. data security obligations. The data security law stipulates four types of data security obligations: (1) the security obligations of data processors. (2) obligations of data transaction intermediary service institutions. (3) Data support obligations of relevant organizations and individuals. (4) The obligation to provide data for cross-border judicial or law enforcement agencies for examination and approval.

4. Government data security and openness. The data security law makes corresponding provisions on the security and openness of government data. (1) government data security requirements. (2) Data security requirements of outsourcing government affairs system. (3) Requirements for opening government data.

5. legal responsibility. The data security law also provides corresponding penalties for data processors and data transaction intermediary service agencies who fail to fulfill their data security obligations, state staff who perform their duties in data security supervision, abuse of power and fraud, and illegal access to or abuse of data.