Skip to content
DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ TAG · DATA-ECONOMY

Filed under data-economy

Every brief tagged "data-economy".

  • § 19 · DATA-PROPERTY-RIGHTS

    NDA Explains the Three-Rights Framework — A Plain-Language Walk-Through from the Regulator Itself

    The National Data Administration's official 政策解读 (policy interpretation) on the three-rights framework — the right to hold, the right to use, and the right to operate data — established by the Data 20 Articles. NDA walks through what each right means, illustrative scenarios (group-company data subsidiaries; hospital-pharma research pools; data-broker commission arrangements), how the rights relate to each other (independently severable; non-exclusive across parties for the same data), and why the structural-separation design was chosen over a unitary-ownership model. The clearest available statement of the regulator's own intent on the framework that anchors every downstream rule — data-resource registration, data-property-rights registration, FTZ data-circulation negative lists, on-floor / over-the-counter trading rules.

    data-property-rights · data-twenty · structural-separation
  • § 20 · DATA-PROPERTY-RIGHTS

    Who Is the 'Data Processor' Under the Three-Rights Framework — NDA's Farm-Equipment Hypothetical

    NDA's official 政策解读 on the threshold question that every three-rights allocation depends on: who is the 'data processor' and who is the 'information subject'? NDA uses a farm-equipment hypothetical — a farm rents tractor, irrigation, and fertilizer equipment from three different vendors; cultivation data is captured in the process — to work through who collects, who decides processing purposes, and how the property-rights regime balances the data-processor's commercial interest against the information-subject's rights to access copies of relevant data. The piece sketches the basic information-subject vs. data-processor dichotomy that anchors the entire downstream data-element regime, and surfaces the access-to-data right (data portability for commercial entities) that overseas counsel often miss.

    data-property-rights · data-twenty · data-processor
  • § 21 · PUBLIC-DATA

    Public Data Under Franchise and Concession Operations: Who Owns It and Can It Be Traded?

    Infrastructure and public-utility operators in China — gas networks, urban parking, water systems, and similar franchise/concession (特许经营) businesses — generate data that falls within the statutory definition of 'public data.' That classification creates compliance questions that standard enterprise-data analysis does not answer: does a franchise agreement confer the right to process and sell that data, and under what conditions? Two Shenzhen Data Exchange compliance officers work through the asset-ownership and revenue-attribution routes for establishing data-use authority, flag the asset-transfer risk that attaches to API and dataset licensing, and explain why franchise-generated public data should not be silently assimilated into the authorised-operation (授权运营) model now being piloted across Chinese cities. The operational takeaway: amend legacy concession agreements to address data rights explicitly, and build the data-rights clause into every new franchise contract before signing.

    public-data · franchise-concession · authorized-operation
  • § 22 · DATA-PROPERTY-RIGHTS

    Inside the Reviewer's Mind — A Compliance Guide to Data Property-Rights Registration at Shenzhen Data Exchange

    China's data property-rights registration (数据产权登记) regime has no single national rulebook yet, which makes the reviewer's checklist at the registrar level the operational baseline for any applicant. This brief summarises a practitioner guide by two compliance managers at Shenzhen Data Exchange (深圳数据交易所), explaining what registration reviewers actually scrutinise: whether the subject-matter falls within the platform's accepted scope; whether the applicant can substantiate entitlement to one or more of the three data-property rights (持有权 / 使用权 / 经营权); and whether the submitted materials are internally consistent and complete. The guide also clarifies common misconceptions about the 'three rights' structure — including why 'data ownership' is not a legally recognised concept and why holding-right does not automatically confer use-right or operating-right. For overseas counsel advising clients on data-asset registration, this is the clearest available account of how the first-mover registrar reads applications.

    data-property-rights · data-registration · data-economy
  • § 23 · PUBLIC-DATA

    Authorized to Operate, Not Authorized to Ignore: Public-Data Operators Still Owe the Full PIPL/DSL Stack

    China's public-data authorized-operation regime — established by the January 2025 Implementation Specifications and its companion instruments — does not exempt operators from the personal information and data-security duties that sit underneath it. This brief, drawn from the Shenzhen Data Exchange's DEXC+ compliance column, sets out six specific areas where authorized operators routinely fall short: failure to classify data before operating it, misreading the operator's role in multi-party processing chains, skipping notification obligations, misidentifying the lawful basis for processing, misapplying consent that was gathered for a different purpose, and omitting the separate impact-assessment and annual risk-evaluation obligations under PIPL and the Network Data Security Regulations. The operational takeaway for overseas counsel advising operators or investors: government authorization is the entry ticket to the public-data market, not a waiver of the compliance checklist that governs what happens once inside.

    public-data · data-economy · pipl
  • § 24 · PUBLIC-DATA

    Inside the Gate: How Enterprises Can Compliantly Process, Operate, and Trade Public Data Under China's Authorized-Operation Model

    China's public-data authorized-operation regime (公共数据授权运营) is the primary route for enterprises to commercialise government-held data. A DEXC+ analysis by Yang Haoran maps the full compliance arc: what qualifies as public data, how it must be processed within a sandboxed platform, and what a data product needs to clear before it can be listed on an exchange. Drawing on the National Data Administration's draft Authorized-Operation Implementation Specifications and Shenzhen Data Exchange's own 3×4 dynamic-compliance framework — covering subject compliance, subject-matter compliance, and circulation compliance across legal, security, integrity, and rights dimensions — the brief gives overseas counsel a structured view of the obligations that attach at each stage of the public-data supply chain, from first authorisation to on-exchange listing.

    public-data · authorized-operation · data-trading
§ SUBSCRIBE

The Monday brief.

One short email every Monday. New briefs on Chinese data-compliance rules from the previous week, with the source law cited.

Opt-in only. Unsubscribe anytime by replying "unsubscribe" to any issue.

SUPPORT DCC

Keep the publication free to read. Suggested support is $19.99, or choose your own amount.

Support →