Trade: EU and China want to improve cross-border data flows

The EU and China began talks on cross-border data exchange on Tuesday. The aim is to make it easier for European companies to transfer non-personal data and comply with Chinese data laws. This involves, for example, measured values that are generated when machines are used, as well as other industrial data. Recently, however, European companies in China have been increasingly confronted with uncertainties and difficulties when exporting such information. They are particularly concerned about the systematic application of security licenses to the export of all "important data".

This elastic clause can be found in a law on the security assessment of data exports, which was passed by the relevant Chinese committees in 2022. According to the EU Commission, many companies have since been unsure which data is actually affected. Although China has only vaguely defined the concept, the authorities there have applied it extensively. According to the EU Commission, the associated restrictions on cross-border data transfer between the two regions are also "an important factor in the dwindling confidence of European investors in China".

Commission President Ursula von der Leyen and the President of the European Council, Charles Michel, addressed the sensitive issue at their meeting with Chinese President Xi Jinping in December 2023. Commissioners agreed on a new dialog procedure at meetings with Chinese Vice-Premiers last year. Both sides are now planning to hold further talks at expert and technical level in order to "review progress at political level at the next opportunity".

Data flows as the lifeblood of the digital economy

Data flows are essential for trade, explains the Commission. A significant proportion of foreign direct investment between the EU and China depends on companies being able to manage their data across borders. This applies in particular to sectors such as information and communication technology (ICT), finance and insurance, as well as the pharmaceutical and automotive industries. International data transfers are crucial for research and development activities in particular and are essential for the growth of companies.

In the EU and countries outside of China, there are in principle only a few requirements for the transfer of non-personal data. Unlike personal information, it is not covered by the General Data Protection Regulation ( GDPR). To facilitate the transfer of personal data, the Commission has issued adequacy decisions for countries such as the UK, Argentina, Israel, Canada, New Zealand, Switzerland and Uruguay. It thus certifies that the level of data protection in these countries is similar to that of the GDPR. Following the end of the Privacy Shield, the Commission also reopened transfers to the USA in mid-2023 with the EU-US data protection framework. Otherwise, there is the instrument of standard contractual clauses.

(vbr)