Recently, the National Development and Reform Commission, the National Data Administration, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly issued the "Implementation Plan for Improving Data Circulation Security Governance and Promoting the Marketization and Value of Data Elements" (hereinafter referred to as the "Plan"), proposing that by the end of 2027, a data circulation security governance system with clear rules, prosperous industries, and multi-party collaboration will be basically constructed, and the data compliance and efficient circulation mechanism will be more perfect, with significantly improved governance efficiency, providing strong guarantees for the prosperity of the data market and the release of data value. Clarify the rules of circulation security to ensure the "supply and demand" of data. With the continuous deepening of data development and utilization, data circulation has become the trend. Data security is gradually shifting from "static security" that focuses on strengthening network security protection to "dynamic security" that focuses on preventing data circulation risks. According to the relevant person in charge of the National Data Administration, "Improving data circulation security governance and deepening data development and utilization while preventing data circulation risks is not only the essence of safeguarding the bottom line of security, but also an inevitable requirement for unleashing the value of data." Data has characteristics such as non consumptive, weak exclusivity, low-cost replication, and strong economies of scale, which can easily lead to risks such as privacy breaches, data abuse, and damage to rights and interests. The 'Plan' addresses these pain points and blockages by clarifying the security rules for the circulation of enterprise data, public data, and personal data, effectively reducing concerns about data supply, and truly making data 'available'. Specifically, it includes: Clarify the security rules for enterprise data circulation. The Plan stipulates that enterprises are supported in enhancing their data governance capabilities through the compilation of data resource catalogs, analysis of security risks in circulation processes, and the development of classified and graded protection measures. Encourage enterprises and institutions to establish Chief Data Officers, strengthen data governance and data development and utilization. Data processors should identify and declare important data in accordance with relevant national regulations, and accept supervision and inspection by regulatory authorities in accordance with the law. For data confirmed as important, relevant regions and departments should promptly inform or publicly release it to data processors. When data processors provide important data to external parties, they should take necessary security measures in accordance with relevant laws, regulations, and industry regulatory requirements to effectively maintain national security, economic operation, social stability, public health, and safety. Strengthen the security management of public data circulation. Developing and utilizing public data is a leading project to activate the potential of data elements. The Plan stipulates that in the process of government data sharing, the data provider shall follow the principle of "whoever is in charge, who provides, and who is responsible", clarify the scope, purpose, and conditions of government data sharing, assume security management responsibilities before data provision, explore the establishment of a data security management risk assessment system for data receivers, and ensure orderly sharing of data under the premise of security. The data recipient shall bear the security management responsibility after receiving the data in accordance with the principle of "who handles, who uses, who manages, and who is responsible". Strengthen the protection of personal data circulation. The Personal Information Protection Law has comprehensively stipulated the protection of personal information, and the "Plan" focuses on the detailed implementation, especially the prominent problems of unclear rules, lack of guidance in implementation, and lack of basis for determining the effectiveness of personal information anonymization, and improves the mechanism for protecting personal data rights and interests. For example, the "Plan" stipulates that for the circulation of personal data, personal consent should be obtained in accordance with laws and regulations or anonymized, and personal consent should not be obtained through coercion, fraud, misleading or other means. Develop relevant standards and specifications for personal information anonymization, clarify anonymization operation norms, technical indicators, and circulation environment requirements. Encourage the use of various methods such as national network identity authentication public services to strengthen personal information protection. The innovation of graded protection technology ensures the smooth flow of data. Recently, favorable policies related to the data industry have emerged frequently, and the data industry is expected to experience accelerated development by 2025. For example, the National Development and Reform Commission and other departments jointly issued the "Guidelines for the Construction of National Data Infrastructure", which means that China has launched a new round of data centric digital infrastructure layout; The National Development and Reform Commission and other departments jointly issued the "Implementation Opinions on Promoting the High Quality Development of the Data Labeling Industry", which means that the first document related to the data labeling industry in China's data field has been released, and the entire data labeling industry will enter an acceleration period, with an average annual compound growth rate of over 20%. It is reported that in 2025, the National Data Administration will vigorously implement the "East Data West Computing" project and accelerate the construction of a national integrated computing power network. By the end of 2025, the newly added computing power in national hub node regions should account for over 60% of the country's total new computing power, and the proportion of green electricity used in newly built data centers in national hub nodes should exceed 80%. The efficient circulation of data security relies on the guarantee of data security technology and the support of data infrastructure. According to the relevant person in charge of the National Data Administration, companies usually do not know what technology and facilities they need to adopt. On the one hand, the sensitivity and importance of different data are not the same, and the security protection requirements are also different; On the other hand, different technologies and facilities provide varying levels of security capabilities, resulting in different cost inputs. How to choose the appropriate circulation method, match technical capabilities with security risks, and achieve security optimization with minimal cost is the key issue that needs to be addressed in the 'Plan'. To this end, the 'Plan' clearly proposes to support innovation in data circulation security technology, improve data circulation security standards, guide enterprises to adopt different security technologies to carry out data circulation according to data classification and grading protection requirements. For general data that does not involve risk issues, it is encouraged to take necessary security measures for circulation and utilization. For data that has not been identified as important but is considered by the enterprise to involve important business information, data providers and recipients are encouraged to access and use data circulation and utilization infrastructure to promote data security flow. For important data, while protecting national security, personal privacy, and ensuring public safety, we encourage the development of data value through methods such as "original data not leaving the domain, data available but invisible, and data controllable and measurable" in accordance with laws and regulations. The 'Plan' elaborates on the implementation of the national data classification and grading protection system, proposes to improve the security standards for data circulation, guides enterprises to adopt different security technologies for the circulation of data with different security levels, and points out the direction for the 'flow of data' The person in charge said. Enriching the supply of security services to ensure the "good use" of data and strengthening the governance of data circulation security cannot be separated from market-oriented security service supply. Currently, China's data security industry is accelerating its development, but the supply of services for data circulation security still needs to be further improved. The Plan proposes to prosper the data security service market, expand the scale of data security governance services, and innovate the format of data security services. Support data security service institutions to strengthen basic theoretical research, core technology breakthroughs, and product innovation applications, develop towards scale, specialization, and integration, improve security service efficiency, and reduce application costs. Cultivate services such as data circulation security detection and evaluation, security auditing, etc., and improve market-oriented mechanisms that are conducive to mutual trust among data circulation entities. Enrich the supply of data hosting and other services, research and explore feasible solutions to provide insurance protection for data security, and encourage eligible enterprises to expand data security hosting services for small and medium-sized enterprises. At the same time, the plan also proposes to prevent the risk of data abuse. Strictly crack down on black and gray industries that illegally obtain, sell, or provide data in accordance with the law, strengthen the protection of sensitive personal information, and restrict the use of personal information beyond authorized scope. Punish the use of data to engage in monopolies, unfair competition, and other behaviors in accordance with the law and regulations, and safeguard the rights and interests of all parties and the fair competition order in the market. Under the coordination of the national data security work coordination mechanism, we will strengthen the monitoring of data security risks in key industries, continuously enhance risk analysis, monitoring, and disposal capabilities, prevent systematic and large-scale data security risks, and maintain national security and economic and social stability. Research and improve the mechanism for handling data circulation security accidents or disputes, and enhance the ability to respond to circulation risks. Wang Weiping, deputy director of the Institute of Information Engineering of the Chinese Academy of Sciences, pointed out that enriching the supply of security services is an important guarantee to ensure the "good use" of data. The Cybersecurity Law, Data Security Law, Personal Information Protection Law, Network Data Security Management Regulations and other laws and regulations have made clear provisions on data security and personal information protection systems. Overall, in recent years, the data security governance capabilities of enterprises have improved, but there are still many enterprises with relatively low data security governance capabilities, especially some small and medium-sized enterprises. Due to their limited capabilities and high market-oriented service costs, it is difficult to implement data security compliance. The Plan proposes to enrich the supply of data circulation security services, which can greatly help enterprises improve their data security governance capabilities and make up for their shortcomings and weaknesses. According to the relevant person in charge of the National Data Administration, the National Data Administration will work with relevant departments to improve and refine rules, accelerate the development of standards for personal information anonymization, important data anonymization, and data circulation security auditing, organize the release of typical cases of data circulation security governance, further clarify specific rules, and ensure the implementation of relevant laws and policies. At the same time, strengthen departmental collaboration, enhance law enforcement coordination in areas such as data security and personal information protection, promote administrative law enforcement information sharing, situation reporting, and collaborative cooperation, and improve regulatory efficiency. (New Society)