The Impact of Scientific Data Administrative Measures on Foreign Companies in China
On March 17, 2018, the Chinese State Council passed the Scientific Data Administrative Measures (the “Measures”) to standardize the management of scientific data at a national level.1 The Measures, which took effect immediately upon issuance, impose a number of requirements on research institutions, higher education institutions, and enterprises (collectively, “Research Entities”), many of which appear to apply to foreign companies operating in China as well as domestic Chinese entities. Most notably, the Measures indicate that central and provincial science and technology authorities will designate specific entities to set up and operate “scientific data centers.” Thereafter, all scientific data generated by Research Entities that is created or managed with government funds, or scientific data generated by Research Entities that is funded by any source but that concerns state secrets, national security, or “societal and public interests,” must be submitted to these data centers for consolidation. In this alert, we give an overview of the Measures and analyze their potential effects on foreign companies with ongoing research and development (“R&D”) activities in China.
II. Background of the Measures
The issuance of the Measures corresponds with an era in which China, due to its increased investments in science and technology, has become a scientific powerhouse. On January 18, 2018, the U.S. National Science Foundation reported that China had in 2016 for the first time overtaken the U.S. in terms of the total number of science and engineering publications in a year.2 During a Q&A session about the Measures held in April 2018, an official from the Ministry of Science and Technology (“MOST”) explained that although China has increased its capability to produce and acquire scientific data, it has until now lacked national level policies regarding the management and sharing of such data.3 Therefore, the official explained, the Measures were introduced in order to systemically strengthen and standardize management of scientific data throughout its life cycle.
III. Overview of the Key Requirements under the Measures
The requirements set forth in the Measures are assigned to a number of entities: (1) MOST; (2) various departments of the State Council and provincial governments (collectively, the “Supervising Authorities”); (3) Research Entities and individuals engaging in research; and (4) designated operators of scientific data centers. The requirements relate principally to the establishment and maintenance of a scientific data management mechanism, the submission of scientific data to data centers, and confidentiality and data security management.
A. What Is “Scientific Data”?
The Measures define the term “scientific data” broadly. According to Article 2, the term encompasses (1) data generated through basic research, applied research, pilot development testing, and other research activities; and (2) raw and derivative data obtained through observation, monitoring, surveys, investigation, inspection, testing, and “other methods” that is intended to be used for scientific research. This definition would appear to cover a broad spectrum of data types as disparate as biochemical lab testing results, computational models, raw weather data, and records of clinical trials.
B. Scope of the Measures
According to Article 3 of the Measures, the Measures apply primarily to the “acquisition, generation, processing, organizing, dissemination, sharing and management” of scientific data when the data is “supported by government funds.” Notably, the Measures would appear to apply not only to data generated in China but also, under certain circumstances, to data generated outside of Chinese borders. An example of such a circumstance would be where data was transferred to China after its production through some mechanism funded by the government.
Despite the focus on government funding, however, Article 3 additionally makes clear that other parts of the Measures may apply to Research Entities more broadly or indeed to any entity or individual engaging in activities related to scientific data within Chinese borders, should their activities fit into any of the particular situations described in the later Articles of the Measures. This expanded scope allows the Measures to be applied even to foreign companies operating purely with private funding.
C. Requirements Specific to Government-Funded Data
Submission of Scientific Data to Data Centers. Under Article 10 of the Measures, the Supervising Authorities are responsible for designating certain specific Research Entities to operate “scientific data centers.” These designated operators of data centers will coordinate the compilation of data in these data centers and will be responsible for their administration. According to Article 13, all scientific data from all Research Entities that is financed by government funds must be submitted to these data centers.
Publishing Scholarly Work in Foreign Journals. Additionally, Article 14 of the Measures requires that all scientific data that has been produced using government funds be submitted to an individual author’s department at the Research Entity before it can be referenced in an academic paper in a foreign journal. This requirement only applies, however, when the journal requires that the underlying scientific data be submitted before publication. During a press conference, a MOST representative explained that this provision was included in the Measures to avoid a situation where scientific data deriving from government-funded programs might be transferred overseas to support publications in foreign journals without having been properly submitted to a domestic data center, and therefore serves as a type of back-up to ensure that all data produced by individual researchers is archived first by the relevant Research Entity and then submitted properly to the scientific data center. The representative emphasized, however, that the provision is not intended to stop the outbound “flow” of scientific data.4
Providing Free Access to Scientific Data for Certain Public Interest-Related Purposes. Pursuant to Article 24 of the Measures, once a Research Entity’s scientific data is submitted to a scientific data center, the producer of the data is required to provide the data free of charge (or, if necessary, at a reasonable price not designed to bring profit to the producer of the data) to any user that intends to use the data for certain public interest-related purposes. The purposes listed in Article 24 include government decision-making, public security, national defense-related construction, environmental protection, disaster prevention and relief, and non-profit scientific research.
When the requested usage of the scientific data is for business purposes, however, Article 24 requires that the “parties” (presumably the data owner and the prospective data user) enter into an agreement specifying their respective rights and obligations and a fee for the use of the data. It does not appear to allow for the data owner to decline to share its data.
Confidentiality and Security of Sensitive Scientific Data. Although the Measures promote the accessibility of scientific data generated with government funding, they also require protection for certain types of sensitive data. Article 25 prohibits the dissemination of scientific data containing state secrets, national security, societal and public interests, trade secrets, and personal identifiable information. However, the prohibition is not absolute dissemination of this type of scientific data is allowed if “genuinely necessary.” In such an instance, the entity managing the data center to which the data has been submitted will examine the prospective data user’s qualifications and purpose in requesting the data, among other factors. It is unclear at this point how “genuinely necessary” will be defined, or what standards will be used by the entities managing the scientific data centers when they are evaluating data users’ requests for access.
D. The Impact of the Measures on Foreign Companies
The Measures will likely have limited immediate impact, at least initially, on foreign companies. The Measures appear to be principally intended to establish a scientific data management mechanism for data deriving from government-funded programs. They do not require the submission or cataloging of all scientific data generated in China, nor do they regulate R&D activities themselves. The Measures only require submission of privately funded scientific data under limited circumstances, as discussed below.
a. Partially Government-Funded Scientific Data
First, data produced by a foreign company may become subject to the Measures due to partial government funding. For instance, foreign companies may sometimes collaborate with Chinese government departments, research/educational institutions, hospitals, or clinics to jointly produce or manage scientific data in China. Foreign companies may also participate in international R&D programs involving Chinese participants that are financially supported by the Chinese government. Consequently, when a foreign company is not the sole funder of an R&D program, it is important for that company to understand the identity of its partners and what their sources of funding are. In making that determination, the company must be aware that the definition of government funding includes funding at all phases throughout the life cycle of scientific data, including generation, acquisition, processing, analysis, sorting, dissemination, as well as storage and management. Therefore, companies must be careful to analyze all of those time periods to determine whether their scientific data could be considered to be government-funded.
Furthermore, there is no minimum monetary threshold or proportion specified in the Measures to help define what level of governmental financial support would qualify an R&D program as government-funded. This means that even a nominal contribution from the government could potentially subject scientific data to the Measures.
When there is government funding involved in the life cycle of scientific data, the key requirements outlined in the section above (that is, the submission of scientific data to data centers as well as allowing free access to other data users for public interest purposes and for a fee for other purposes) will come into play.
From the perspective of a foreign company, the most troubling implication of the application of the requirements for government-funded data is likely the statement in Article 25 that even information involving personal identifiers or a trade secret may be shared with a prospective user if “genuinely necessary,” based only on the evaluation of the entity managing the scientific data center. The potential impact of this provision is three fold. First, the sharing of such data potentially affects the commercial interest of companies in protecting their own trade secrets. Second, the provision potentially subjects companies to contractual disputes related to the dissemination of the trade secret, should the trade secrets be owned by others. Third, the provision puts companies at risk of running afoul of data privacy laws in other jurisdictions such as the E.U. or the U.S. for sharing data containing personal identifiable information.
Given the early stage of the development of these policies, however, it is doubtful that enforcement for non-submission or delayed submission of data to scientific data centers will be forthcoming in the near future.
b. Scientific data concerning state secrets, national security and public interests
Additionally, according to Article 15 of the Measures, private companies are required to submit scientific data to data centers, even when the data is purely privately funded, if it concerns state secrets, national security or societal or public interests. Given the vague nature of these terms, a potentially wide range of privately funded scientific data could therefore be subject to submission.
In practice, however, private companies already have significant experience screening data for the state secrets and national security elements of this definition due to the pre-existing need to comply with the Chinese State Secrets Laws. Therefore, in order to comply with this new requirement, they will only have to engage in the analysis they already engage in each time they determine whether they can send information/data “abroad” (including to servers in their home companies).
The “societal and public interests” prong presents more of a challenge, as the definition of “societal and public interests” is still unclear and it is possible to imagine that data such as that related to environmental engineering, life sciences, and medical R&D activities in China might be interpreted by the Chinese government as falling under this category. Therefore, private companies will need to monitor this area closely to see how this definition is interpreted by the Chinese authorities, and may eventually need to consider tasking a specific employee to screen all data for potential submission to scientific data centers.
Although the law is not particularly clear on this point, it may also be the case that data submitted under this provision to the scientific data centers could be disclosed by the operator of the data center under Article 25 if disclosure is “genuinely necessary,” just as it could be in the case of government-funded data. As above, this would raise a number of concerns regarding trade secrets and data privacy.
Although the Measures technically have gone into effect, the mechanisms described therein are thus far uncertain enough that there should be little effect immediately on foreign companies. Additionally, it appears from the statements made by MOST representatives that the major purpose of the Measures is to exert control over government-funded research, and that it is unlikely to be used to acquire data from or regulate the R&D activities of foreign companies in any significant way.
In particular, the requirements of the Measures in relation to state secrets and national security will have a limited impact on foreign companies that already have measures in place to comply with China’s State Secrets Laws, except that the companies will have to transfer certain types of data to scientific data centers after they are created. Some recent commentaries from foreign observers have suggested that the Measures intend to tighten control over cross-border data transmission and require government approval before scientific data can be transferred abroad, which does not appear to be the case. Likely, that view represents a misinterpretation of Article 14, relating to overseas publications, which applies only to government-funded research.
At the current stage, we recommend that foreign companies with R&D activities in China monitor any updates in this space closely to understand how, if at all, the Chinese government will be interpreting and enforcing the provisions of the Measures. In the meantime, such companies should work to strengthen their compliance mechanisms around the State Secrets Laws, as they will depend on the same sorts of capabilities to ensure compliance with the Measures going forward.
1 For the full text of the Scientific Data Management Measures, see the Central Government’s public notification, available at http://www.gov.cn/zhengce/content/2018-04/02/content_5279272.htm.
2 According to the report, in 2016 China had a total number of 426,165 science and engineering research articles while U.S. had a total number of 408,985 articles. See National Science Board, 2018 Science & Engineering Indicators (January 18, 2018), Chapter 5, p.112. https://www.nsf.gov/statistics/2018/nsb20181/assets/nsb20181.pdf.
3 See Question and Answer with the Ministry of Science and Technology Regarding the Scientific Data Management Measures (科技部就《科学数据管理办法》答问), April 5, 2018, at http://www.scio.gov.cn/xwfbh/gbwxwfbh/xwfbh/kjb/Document/1627261/1627261.htm. The news is available in Chinese only.
4 See The MOST Held Meeting with Media Industry Regarding the Scientific Data Administrative Measures (科技部举行《科学数据管理办法》新闻通气会), April 4, 2018, at http://www.scio.gov.cn/xwfbh/gbwxwfbh/xwfbh/kjb/Document/1627104/1627104.htm.