Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data

In 2025, companies doing business in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage.

See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare

"Companies must evaluate their data-handling practices and report their findings. However, the inherent risk of self-audits lies in potential biases," said James Gong, partner at Bird & Bird. To counter this, China proposed implementing standardized criteria and involving third-party oversight as needed.

China is also addressing protection of non-personal data such as aggregated datasets. The regulations aim to define frameworks for using aggregated data and mitigating risks of misuse. This approach seeks to ensure economic benefits from analytics without compromising ethical standards in data sharing, Gong said.

In this video interview with Information Security Media Group, Gong also discussed:

Gong is a partner at Bird & Bird and leads the China data protection and cybersecurity team. He has experience in advising cybersecurity and data protection as well as regulatory and transactional issues in the technology, media and telecommunications industries.