China Codifies Data Protection And Privacy

THE NEXT STEP in codifying new data protection and privacy standards has passed China’s legislature. The National People’s Congress Standing Committee enacted the Personal Information Protection Law on August 20. It will take effect on November 1.

It follows the recently passed Data Security Law, which will take effect on September 1.

Once fully implemented, the two new laws together will significantly impact data protection compliance requirements for businesses and data flows between China and the outside world. As with all Chinese legislation, authorities might enforce the law opportunistically for political reasons to penalise foreign firms or their governments.

The text of the final draft of the Personal Information Protection Law has not yet been released. Based on earlier drafts, it will resemble the EU’s General Data Protection Regulation (GDPR) in the level of the demands and restrictions it places on firms and other organisations that collect personal data, but without creating a fundamental right to privacy.

The law should improve the protection of individuals from misuse of their personal data by businesses and lower-level government officials, who have been known to sell it illegally or abuse it for private purposes.

However, these protections will be overriden if relevant stat organs need to acquire the data for specificed purposes, most notably domestic security.

1 Comment

Filed under Politics & Society, Technology

One response to “China Codifies Data Protection And Privacy

  1. Pingback: China’s New Tech Order | China Bystander

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s