On March 7, 2023, during the annual National People’s Congress (“NPC”) sessions, China’s State Council revealed its plan to establish a National Data Bureau (NDB) as part of a broader reorganization of government agencies. The plan is being deliberated by the NPC and is expected to be finalized soon.
According to the draft plan, the new National Data Bureau will be a deputy ministry-level agency under the National Development and Reform Commission (“NDRC”), China’s main economic planning agency responsible for industrial policies. The new bureau will be responsible for, among other thematic areas, “coordinating the integration, sharing, development, and utilization of data resources,” and “pushing forward the planning and building of a Digital China, a digital economy, and a digital society.”
The plan specifies the new agency will take over certain portfolios currently managed by the Communist Party’s Central Cyberspace Affairs Commission (the party organ that supervises the Cyberspace Administration of China, or “CAC”) and the NDRC. Specifically, the NDB will assume responsibility for “coordinating the development, utilization, and sharing of important national data resources, and promoting the exchange of data resources across industries and across departments,” a function currently performed by CAC. The NDB will also absorb the NDRC teams responsible for promoting the development of the digital economy and implementing the national “big data” strategy.
The establishment of the NDB will mark an important step in the implementation of several recent Communist Party Central Committee and State Council policy documents on promoting the digital economy, including Opinions on Building Fundamental Rules Related to Data to Better Utilize Data Factors. This document, issued in December 2022, instructed government agencies to enact legislation and regulations to facilitate efficient utilization of data, while also ensuring the compliance of data processing activities. With the establishment of this new agency, we expect to see more regulation and policies to strengthen the nation’s digital infrastructure and to promote large-scale data utilization.
Data security, cybersecurity and personal information protection are, however, not expected to fall into the new agency’s purview. Companies will, therefore, face another regulator in addition to various regulators they must already work with when complying with existing Chinese laws, such as the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. How agencies such as the CAC and Ministry of Industry and Information Technology will interact with this new agency should therefore be watched closely.