At the Big Data Application and Governance Summit in December 2018, Meng Qingguo, executive dean of the National Governance Research Institute at Tsinghua University; Du Yuejin, vice chairman of the Cybersecurity Association of China and technical vice president of Alibaba Group, and other experts discussed cybersecurity in the era of big data.
Many participants believe that protecting data security requires new ideas. Among them, Meng Qingguo thought that the concept of data rights must be defined in order to better formulate rules, break down information barriers and let information flow freely. Du Yuejin remarked that enterprises should not passively bear the costs of security, and only those who do better in data security can turn passivity into initiative.
Meng Qingguo: Defining data rights can break down data silos
Meng said that we have been facing a problem of “data silos”. Many places are engaged in big-data platforms and want to share data. However, if department A creates data in the course of it’s functions that is very useful to department B, the latter will often want to use this data for free.
This has the potential to create issues over who is responsible for the data. Legally speaking, the department who owns the data should take the responsibility, even if it is being used elsewhere.
In the above case, Meng says, it is necessary to define the use of this data by different departments, what responsibility they bear, and what responsibilities must be borne by a third party who wants to obtain the data.
"At present, the data silos have not been broken down and its root cause lies in the fact that we only have a vague understanding of data rights, or we're deliberately avoiding it."
Meng Qingguo explained that there are three application scenarios for data: the development and use of data, the sharing and exchange of data and the flow of data.
 |
|
Experts in cybersecurity share their thoughts at the summit. [Photo provided to chinadaily.com.cn] |
Data rights involve who has the right to collect data, who has the right to develop data and who has the right to use the data.
In terms of the sharing and exchange of data, these rights also include who possesses the data, who can use the data, who will supervise the transaction of data and how to distribute the proceeds of the data transaction.
As to the flow of data, data rights involve whether the information will be made public and whether the cross-border flow of information should be promoted.
From Meng's perspective, these problems can only be solved through strictly defining data rights
Du Yuejin: People who do better in data security will face bigger opportunities and markets to use data
Du Yuejin believed the key to the governance of data security is regaining the initiative.
"Data security is currently receiving wide attention. There are various policies and legal strategies on this issue. However, many people compare data to gold and oil. If you compare data security in this way, we will make huge mistakes.
"Data is more like blood. It can be produced continuously, but formulating rules won't solve the problem of blood protection. The blood needs to flow and generate values, so we must participate and govern it together," Du claims.
According to this approach, security means spending money. The more that enterprises invest in security, the less funds will be allocated to the development of products. Therefore, data security will become a burden for enterprises, and more companies may want to assume less responsibility to reduce costs.
After the meeting, Du said in an interview that the way to make "a company with better data security and stronger competitiveness" is if the country sets standards for data security and stipulates that companies must adhere to them in order to access relevant big data. In this way, enterprises will be more motivated to invest in data security and create a better ecosystem for big data.
