China's central bank Photo: CFP

The People's Bank of China (PBC), the central bank, plans to introduce a data rating system and manage data accordingly to ensure targeted and differentiated data security management amid growing global cooperation as well as competition, according to a draft proposal released by the bank on Monday.

The draft is a legal document to implement the country's Data Security Law, aimed at better governing data related to the bank's scope of operations, the central bank said in a statement on its website.

Such businesses include cross-border yuan business, interbank trading, payment and clearing business, digital yuan business, credit ratings and anti-money-laundering efforts.

Experts said that the draft guideline is set to enhance transparency and better capture the value of data while aiming to guarantee data security.

Data collected during the course of supervision will be rated by markers to be set up by the central bank and categorized in three levels - normal, important and core - according to their accuracy, scale and impact on national security.

The practice aims to ensure targeted and differentiated data security management as well as the imposition of some technical measures.

The central bank said that the draft encourages data processors to facilitate data flows and innovation while ensuring data security and compliance.

Relatively sensitive data could see its sensitivity level downgraded after being anonymized, read the PBC statement.

Experts said that with the rapid development of fintech and digital infrastructure, the banking sector is one of the most digitalized industries in China. The feature means that the sector is at the same time a "rich mine" for data usage and a place where security risks loom.

"It also showed that the central bank aims to govern data with economically feasible methods while seeking more unobstructed data flows and also achieving security," Wang Peng, a research fellow at the Beijing Academy of Social Sciences, told the Global Times on Monday.

With laws including the Data Security Law, China requires key data to be stored within the country, and important cross-border data transfers require security reviews under certain circumstances.

The draft proposal stipulated that regulatory measures should not follow a "one-size-fits-all" approach.

In certain circumstances, data-governing measures could be relaxed by applying for internal review, or in a situation when data usage has a unified and clear-defined scenario.

In July 2022, China unveiled cross-border data review measures that require a security review for "important" offshore data transfers.

Experts said that cross-border data transfer has become a key topic in diplomacy and international trade as global trade is increasingly underpinned by cross-border data flows.

Data processors are banned from splitting or reducing the volume of data to avoid official security checks when the data is exported, according to the central bank guideline.

Zuo Xiaodong, vice president of the China Information Security Research Institute, told the Global Times on Monday that the guideline will stem efforts to avert due supervision, as some data processors shrink the size of their data packages to take advantage of the current review system.

In general, Zuo said that the rollout of the PBC guidelines will support the sector's transparency and sound development. It will take time for industry players to get accustomed to the new regulations.

The central bank is soliciting public opinions through August 24.