How Zhang Jindong’s Data Security Proposals Could Shape China’s Digital Future

In 2021, China’s Two Sessions highlighted the drive toward a digital society, emphasizing innovation, digital government, and a robust digital ecosystem as key goals of the 14th Five‑Year Plan.

Data Security as a National Priority

With the transition from the information era to the data era, ensuring the security and compliance of data throughout its lifecycle has become essential for all sectors. Effective public data sharing requires both protection and efficient management.

Zhang Jindong’s Recommendations

Suning Group chairman Zhang Jindong, a veteran representative at the National People’s Congress, proposes elevating data security, clearly defining data‑sharing attributes and rights, and ensuring secure, free flow of data resources. He suggests categorizing data into “public sharing,” “restricted sharing,” and “non‑sharing,” with supervisory departments granting appropriate permissions based on laws, regulations, and industry standards.

Legal Foundations

China’s legal framework has evolved with the 2016 Cybersecurity Law, the 2019 draft Data Security Management Measures, and the 2020 draft Data Security Law, underscoring data security as a core component of national security.

Suning’s Practical Measures

Suning applies the principles of “business need, least privilege, informed consent, and minimal use.” Since 2020, it has conducted four rounds of personal‑information protection self‑checks for its external apps and obtained APP personal‑information security certification from the national cybersecurity review center.

During data collection, Suning adheres to strict consent and minimal‑use policies. In the usage phase, data are classified by sensitivity; personal privacy data receive the highest protection level throughout the lifecycle. All user privacy data are encrypted with nationally approved algorithms, and a dedicated “security house” controls the export of sensitive data.

Calls for Industry Collaboration

Zhang urges authorities to define data‑security scope, responsibilities, and standards, and encourages leading enterprises to leverage their technical advantages to develop and implement standards, avoiding redundant development and ensuring safe data sharing for national interests, public safety, commercial secrets, and personal privacy.

Suning’s Data Governance Framework

Suning has built an automated data‑identification system, establishing classification and grading based on data type and sensitivity, along with incident response and comprehensive data‑security objectives and implementation plans. In 2021, the company will continue focusing on protecting sensitive personal data, enhancing lifecycle management, and aligning with legal and regulatory requirements.

As Zhang notes, the more data is shared across domains, the greater its value; balancing protection with flow is the key challenge for public, cost‑free data sharing.