The National People’s Congress of China has approved the creation of a data authority, called the National Data Administration, during the recently wrapped March annual session. The NDA will help streamline data governance within China, which previously had been overseen by multiple agencies, including the Cyberspace Administration of China and the Ministry of Industry and Information Technology.
China has had two major data privacy laws come into effect over the past several years, with the Data Security Law passing in 2021 and then the comprehensive Personal Information Protection Law passing in late 2022. However, after PIPL passed, many privacy professionals had questions about how it would be enforced due to the administrative overlap within the country.
Thanks to the newly formed NDA, that question has been clarified a bit, with the organization responsible for, among other things:
- Setting and enforcing data collection and data sharing
- Restricting companies from collecting and transferring certain types of data abroad
- Investigating the use of algorithms in digital apps and products
- Monitoring data-security vulnerabilities