Data Security File. MSS issues a statement on its WeChat account on December 1, urging caution over sharing sensitive information online without declassification or risk evaluation. Such information may serve as a major source of open-source intelligence for foreign espionage agencies, which may potentially endanger national security. Photo: VCG

Six Chinese government departments on Wednesday released an action plan to crack down on illegal data collection, sales and distribution, targeting black and gray markets, in a bid to shore up internet data security. 

The plan, jointly issued by the National Development and Reform Commission (NDRC) and other agencies, outlines measures to improve the security of data circulation and promote the market-oriented value of data, aiming to better balance economic development and national security, according to a document seen on the NDRC's official website. 

The action plan also envisions that by the end of 2027, a secure governance framework for data circulation — featuring clear regulations, a thriving industry and multi-stakeholder collaboration — will be largely phased in, laying the foundation for a dynamic data market and the unlocking of the value of data.

Seven key tasks are outlined in the plan, including clarifying rules for corporate data circulation safety, tightening public data security management and safeguarding personal data circulation. It also emphasizes the need to define data security responsibilities and enhance the use of security technology.  

A major focus is to prevent data misuse by cracking down on illegal data collection, sale and distribution, aiming to strengthen protection for sensitive personal information and restrict the unauthorized use of personal data.  

Authorities will penalize companies using data for monopolistic or unfair competition purposes so as to protect market fairness and stakeholder rights. Enhanced monitoring of data security risks in key industries will be implemented, per the document.

The proposal calls for stronger interdepartmental coordination in data security enforcement, as well as promoting information sharing and joint actions to improve regulatory efficiency and address sector risks.  

The plan highlights the importance of safeguarding personal data rights, by mandating explicit consent or anonymization for data circulation. It strictly prohibits obtaining consent through coercion, deception or misleading practices.

It calls for the establishment of standardized anonymization protocols and encourages the use of national identity authentication services to enhance personal data protection. It also aims to improve channels for reporting and addressing data misuse complaints.

The latest move adds to China's ongoing effort to balance economic growth with privacy safeguards and national security protection, paving the way for a reliable and sustainable digital economy, analysts said.

A day earlier, the Ministry of Industry and Information Technology released a notice on enhancing data security protection for customers of internet data centers, which are large-scale facilities designed for the storage, processing, management and distribution of internet-related data and applications. 

Global Times