According to a press release from China's CAC, China and the EU have held their first dialogue on cross-border data flow, an issue that has left companies on both sides in a state of confusion.
On December 7, 2023, the 24th China-EU Leaders’ Meeting was successfully held in Beijing. President Xi Jinping met with European Council President Charles Michel and European Commission President Ursula von der Leyen. Premier Li Qiang co-chaired the meeting. The two sides agreed to hold new rounds of high-level dialogues in areas such as strategy, trade, green development, and digitalization. One notable achievement in the digital area was the establishment of the China-EU Cross-Border Data Flow Exchange Mechanism.
Von der Leyen took a positive view on the establishment of the mechanism in an interview with Caixin, saying, "We very much welcome that China is now willing to establish a mechanism to clarify these rules. This is a big step forward for European companies in China. What is important next is to see specific progress after hearing statements in this regard."
The first bilateral dialogue under the China-EU Cross-Border Data Flow Exchange Mechanism, held behind closed doors and online, included representatives from China’s Cyberspace Administration, Ministry of Foreign Affairs, Ministry of Commerce, Ministry of Industry and Information Technology, and National Data Bureau. On the EU side, representatives came from the Directorate-General for Trade, Directorate-General for Justice and Consumers, Directorate-General for Communications Networks, Content and Technology, and the EU Delegation to China.
The dialogue likely focused on expressing the difficulties and demands of companies on both sides regarding cross-border data flow. The EU's primary concern is likely the difficulty of data transfer for European companies operating in China. Meanwhile, China may have raised issues about the stringent GDPR requirements and the lack of recognition of China as a country with adequate data protection, which they view as a bit discriminatory.
It appears that China is taking a more proactive approach, aiming to establish communication mechanisms with the EU and its member states to clarify Chinese laws and reflect the difficulties Chinese companies face. Although no concrete results were achieved, this constructive attitude is commendable. However, the outcome largely depends on how the EU views and acts on these discussions.
My translation of the CAC press release:
On August 27, the first meeting of the China-EU Data Cross-Border Flow Exchange Mechanism was held via video conference. The event was co-chaired by Wang Jingtao, Deputy Director of China's Cyberspace Administration, and Sabine Weyand, Director-General of the European Commission’s Directorate-General for Trade. Both sides officially announced the establishment of the China-EU Data Cross-Border Flow Exchange Mechanism. The meeting included open and constructive discussions on data cross-border flow issues and regulatory frameworks, with representatives from relevant Chinese and EU government departments participating.
The China-EU Data Cross-Border Flow Exchange Mechanism, led by the Cyberspace Administration of China and the EU Commission’s Directorate-General for Trade, aims to facilitate communication and promote the smooth flow of data across borders through regular meetings and exchanges on related policies and practices.
The EU’s press release indicated that they are paying more attention to the free flow of non-personal data, particularly those in the finance and insurance, pharma, automotive, and information and communication technology (ICT) sectors. They also complained about the vague conception of “important data” under China’s current data protection regime.
The scope of "important data" also confuses Chinese companies. The CAC is providing detailed guidance on "important data," aiming to bring more transparency to companies on the compliance level, but progress so far is very limited. An updated outbound data flow rule released last year clarified that companies that have not received official notification saying they have "important data" are not "important data" holders.
EU and China launch cross-border data flows communication mechanism
Yesterday (27 August), the EU and China launched the first discussions under the new Cross-Border Data Flow Communication Mechanism.
The mechanism is a deliverable of the political agreement reached in 2023 between Vice-President Jourová and Vice-Premier Zhang Guoqing at the EU-China High-Level Digital Dialogue, as well as at the EU-China High-Level Economic and Trade Dialogue between Executive Vice-President Dombrovskis and Vice-Premier He Lifeng. It aims at finding ways to facilitate cross-border transfers of non-personal data for European businesses, as well as their compliance with Chinese data laws. This issue was also raised by President von der Leyen and President of the European Council, Charles Michel, in their December 2023 meeting with China's President, Xi Jinping, followed by an exchange with China's Premier, Li Qiang, in the context of the last EU-China Summit.
At the inaugural formal meeting of the new Mechanism - the first cooperation structure of its kind between the two sides – the EU expressed its objective of addressing concrete concerns raised by EU businesses in China regarding cross-border flows of non-personal data.
Data flows are essential to trade. A significant part of the EU-China foreign direct investment stock depends on companies' ability to manage their data across borders. This is particularly relevant for sectors such as finance and insurance, pharma, automotive and information and communication technology (ICT). Cross-border data flows are key for research & development activities, and essential for business to thrive.
In recent years, European businesses in China have faced increasing uncertainty and difficulties to export data from China. They have been specifically concerned about the systematic application of security approvals to exports of all ‘important data', following the 2022 adoption of the law on Measures for Data Export Security Assessment. This concern has been further exacerbated by uncertainty as to what constitutes ‘important data' as the concept has so far been only vaguely defined and applied in a far-reaching manner. Cross-border data transfer restrictions are also a major contributing factor to a declining confidence of European investors in China.
Further engagement is foreseen at expert and technical levels with a view to review progress at the political level at the next appropriate occasion.
Notably, Germany and China signed an MOU in June with the intent of discussing cross-border data transfer. The wording of the MOU was very plain and brought nothing substantial. However, even something like this, the Wissing (FDP), German minister, who signed this with China, was criticized by his German colleagues, including Scholz, for acting alone and without sufficient consultation with other ministries. Both sides initially agreed that the MOU should not be disclosed. But the German text was obtained and made public by Politico, and it has been translated it into Chinese.
As I can see from the content, China's CAC and the German Ministry of Digital and Transport (BMDV) are to establish a dialogue on China-Germany data policies and laws. There is no substantial agreement on the specific rules of data sharing in the MOU, but issues such as China's National Intelligence Law are very likely to be discussed. Maybe the first bilateral dialogue on cross-border data flow between China and Germany is on the way!