On the morning of October 10, the State Council Information Office held a press conference to discuss the development and utilization of public data resources. Zhang Wang, the Director of the Data Resource Division at the National Data Bureau, highlighted the critical need to integrate security measures and rights protection throughout the entire process of developing and utilizing public data. He stressed that this approach is vital to safeguarding the rights of all stakeholders and minimizing various data risks, ultimately enhancing the sense of benefit and security for businesses and the public alike.
The day before, on October 9, the “Opinions of the General Offices of the CPC Central Committee and the State Council on Accelerating the Development and Utilization of Public Data Resources” was released publicly, igniting considerable interest across multiple sectors.
During the conference, a journalist raised a significant concern regarding the presence of personal information in many public data resources. The reporter asked, “What steps can be taken to ensure that the development and utilization of public data resources won’t compromise citizens’ personal information and privacy? What specific measures are included in the ‘Opinions’ to address these issues?”
Zhang responded by acknowledging that data security is a pressing concern for everyone. He elaborated that while promoting the development and utilization of public data resources is essential, it must also prioritize safety and security. He stated, “The greater the depth of data resource development and utilization, the more imperative it becomes to bolster data security and protection of personal information.”
The “Opinions” underscore the significance of fostering orderly development and utilization while simultaneously ensuring national data security, protecting personal information, and safeguarding commercial secrets. Specifically, they reaffirm that sensitive public data should not be publicly accessible, and that original public data cannot enter the market without appropriate legal frameworks. Unauthorized excessive usage of data by operational entities is strictly prohibited. The “Opinions” outline requirements in three main areas: institutional development, capacity building, and process management.
Regarding institutional development, the “Opinions” direct regions and departments to bolster their overall management of authorized operations. They are encouraged to establish and enhance systems for data classification, risk evaluation, monitoring and early warning, as well as emergency response. Safety risk assessments for utilizing public data and standard business examinations are required. Data management entities must provide guidance and oversight, while operational institutions are held responsible for ensuring data security and implementing necessary protective measures. For public data that includes personal information, strict adherence to the Personal Information Protection Law is mandated, along with measures for data de-identification and anonymization to prevent breaches of individuals’ information rights.
On the technological side, the “Opinions” advocate for the development of diverse data products, such as data models and evaluation indices, aimed at managing the emerging safety risks associated with advancements in data technology. They promote strategies where “raw data does not leave its domain, while data remains usable yet unseen,” thereby ensuring both data security and effective personal information protection. The government will also support innovations in data encryption, secure circulation, and governance technologies to better address safety concerns linked to data utilization.
In terms of overall process management, there’s a concerted effort to enhance safety capacity across all stages of public data resource supply, processing, and operational management. This focus aims to ensure that the development and utilization processes are manageable, controllable, and traceable, particularly by improving the identification and management of risks associated with data aggregation and correlation.
Zhang concluded by reiterating the importance of a cohesive strategy that combines institutional development, capacity enhancement, and process management. He assured that, in conjunction with relevant departments, safety measures and rights protection would remain integral to the entire process of public data resource development and utilization, thereby protecting the rights of all stakeholders, mitigating various data risks, and ultimately enhancing the sense of benefit and security for both enterprises and the public.
