This provides wide and varied opportunities to innovate, develop and test new technologies and solutions. Promising and proven international technologies will be of great interest to Chinese partners and buyers. The challenge is establishing partnerships in a way which delivers benefits for all parties.
Intellectual property protection is often viewed as a barrier to collaboration in China. In fact, China has developed an internationally competitive IP legal system. However, it is still critical to respond to the unique political, economic and regulatory nature of China. Many regulations impact the way intellectual property and intangible assets can be used in China. Cyber security and data management is one such legal framework.
The Cyber Security Law of the People’s Republic of China came into effect in 2017. It sets the overarching framework for China to manage its cyberspace, digital infrastructure and citizen’s personal information. The matrix of regulations below the law is still developing. Data is just one (albeit important) area that is covered.
Given the importance of data in creating solutions, it is critical to understand the regulatory requirements as they stand, especially in the context of R&D and commercialisation. Detailed information is not readily available and the evolving landscape creates uncertainty. Based on my experience working with businesses and research institutes, some common issues remain. These are data classification, cross border transfer, and establishing ownership and usage rights.
Data classification in China
Data types most relevant to international cooperation include important, personal, scientific and free data. The first two carry the greatest burdens and require the most care. Understanding the definitions explains China’s way of thinking. This can be different from ours. My favourite example? Maps. These are considered sensitive in China.
There is no set legal definition for important data but is often classified as important if it is leaked and results in the destabilisation of security and disrupts Chinese economic growth or the public interest. You might be surprised by the broad coverage which includes geographical and health data. For example, surveying, remote sensing and metrological data can be sensitive and in general, must be owned by a Chinese entity. Therefore, unless using licenced or publicly available data a Chinese entity may be essential.
Personal information is considered sensitive when it identifies individuals. There are specific rules determining storage, use and consent. Some are still in draft and likely to develop significantly.
Scientific data is less challenging but require awareness. It includes raw and derivative data produced from basic and applied research, including pilot and commercialisation activities. Within the category, individual datasets can still be classified as state secrets, important or free data. Seek support from Chinese partners to understand data types, approval processes and requirements.
Where the Chinese government has funded activity or state secrets, where state security or social pubic interests are involved, scientific data must be submitted to a national data centre. Chinese government funding can be interpreted broadly and may include university funding. If data is deemed unsensitive it will be made publicly available and control over the data could be lost. Consideration needs to be given to protecting data and IP rights.
Free data is, as the name suggests, publicly available. It is not controlled and can be used without restrictions.
Cross border data transfer
Cross border data transfer has become more challenging with the emergence of the Cyber Security Law. This states data generated in China stays in China. Important and sensitive data is subject to Chinese government security review before transfer. Although details of the process are currently unknown. Hosting the data on a server in China and accessing it from abroad will not bypass the regulations. It is still considered to be cross border transfer. To develop a solution, the flow and content of data must be examined in detail.
Ownership and usage rights
Establishing ownership, usage and access rights for data used or created during collaborations is critical. Be sure to cover all data points, raw and derivative, algorithms, models and results from the analysis. Unless explicitly stated, the legal default is joint ownership of data. This should be avoided. It creates complications. To use the data outside of the collaboration, you would need the consent of Chinese partners. Clear stipulations on these issues and how each party can benefit from the data during and after the collaboration will help manage potential conflicts. This is particularly important when conducting commercialisation and seeking ownership of future technologies.
While the data landscape in China is complicated it should not halt collaboration. Build knowledge and stay up to date with the evolving legal landscape. Adapt your approach, understand the data, sensitivities and adhere to requirements. Focus on noncontentious data. Actively manage collaborations ensuring a rigorous approach to data and risk management.