IEMS - Thought Leadership Brief #88

FALL 2024 NO.88 / THOUGHT LEADERSHIP BRIEF

An important characteristic of data governance in Shenzhen is the active involvement of technological businesses, namely Tencent. They frequently engage in data governance by constructing data platforms and assuming responsibility for their upkeep and repair. These technological organizations have greatly enhanced the capacity and efficiency of smart city systems with their superior data analytics and artificial intelligence technology. It is important to closely monitor and regulate their access to sensitive data. The government faces a critical challenge in finding a balance between exploiting the data processing technologies of digital businesses and safeguarding sensitive data from potential misuse by these private entities.

Initially, China’s institutional arrangements for data security and privacy protection were inadequate. In response to this difficulty, the government has implemented a set of laws and regulations aimed at ensuring data security and safeguarding privacy. In September 2021, the Cyberspace Administration of China introduced the Data Security Law. This law offers legal safeguards for personal information and critical data, in contrast to the Cybersecurity Law enacted in 2016. The Data Security Law covers all aspects of data governance across its entire lifecycle, including the collection, storage, transmission, processing, and utilization of data, as well as the safeguarding, oversight, and management of data security. This law has implemented a data security framework that categorizes data based on its classifications and levels of importance.

It is crucial, however, to establish effective mechanisms for regulating the government’s power in data governance. The laws and regulations are unclear in determining and supervising whether the government misuses the gathered data or infringes upon personal privacy.
While it is necessary for public authorities to acquire agreement from citizens prior to collecting or utilizing their data, this alone would not be adequate to limit the power of the government. Due to the lack of transparency in the data acquisition and management process, it would be challenging to effectively detect or prosecute any wrongdoing in practice. Regulatory ambiguity makes it unclear how rigorously the law will be enforced and what repercussions will be imposed to safeguard citizens’ privacy.

A major challenge in data governance is motivating stakeholders to collaborate and utilize data for diverse applications, including economic and social objectives. It is important to clearly define the conditions and requirements for data handling to assure data users that their data assets will be protected. The Shenzhen municipal government released the Data Regulations of Shenzhen Special Economic Zone in July 2021. This legislation has provided a structure for data markets to facilitate the flow of data, together with additional details on the categorization of data. For example, the rule differentiates between government data and public data, which encompasses a wide range of information collected, generated, recorded, or stored in a specific format by government agencies when delivering public services. Regardless of whether data is managed internally by government departments or obtained from private sectors, it can be considered public data as long as it is utilized for public objectives.

The data regulation also includes provisions that outline the rights of stakeholders in society regarding data. Specifically, personality rights have been established to empower individuals in managing the commercialization of their personal data. It remains uncertain whether individuals are entitled to receive benefits from transactions involving their personal data.
Data corporations usually possess the legal authority to collect and own the data they gather and the copyright over the data they generate. Furthermore, the definition of personal data would vary across different rules and regulations. This could create confusion among private firms when adopting data security management and privacy protection and hinder the sharing and utilization of data to foster innovation. Additional clarification is also needed regarding the appropriate amount the government should pay for data obtained from other organizations and the feasibility of providing data services that combine government-owned data with data from private firms.
