China’s New Data Security Law

11 November 2021

China’s new Data Security Law (“Law”) took effect on September 1, 2021. It will enhance an existing legal framework for information and data security in China. It applies to a wide range of data and data activities and has extraterritorial jurisdiction.


Seeking to strengthen the current protection regime for the country’s fast-growing digital economy, the Law stipulates how data is used, collected, developed, and protected in China. Data is a basic and strategic resource of China. The law will play an important role in implementing data security and safeguard the core interests of China.


The primary purpose of the Law is to regulate data activities, safeguard data security, promote data development and usage, protect individuals and entities’ legitimate rights and interests, and safeguard state sovereignty, state security, and development interests.


The Law sets out the responsibilities of organisations handling data. It provides for hefty fines for a range of offences including data leaks and failing to verify the identity of buyers or sellers of data. Its scope is extensive and includes data stored and handled within China’s borders as well as data abroad.


Organisations and individuals are not permitted to provide information to overseas law enforcement agencies without prior permission.