US media: China's legislation in the field of privacy and data security is strict, leading the world

Source: Global Times

In recent years, China, like other countries, has been exploring how to harness and protect the power of large amounts of data held by companies and government agencies.

China has stepped up regulation of the tech industry. In the coming months of this year, China will implement no less than three new laws and regulations on data privacy and security. These initiatives provide a clearer picture of Beijing's vision of privacy data, which manages it as a key national asset within its borders, while focusing on further unlocking the potential of data. Beijing sees data as a commercial input as important as land and capital.

Jacob Gantt, senior analyst at the Mercator Centre for Chinese Studies in Germany, said: "Beijing wants to release data from 1.4 billion consumers, producers and innovators, combined with the country's potential to generate a large amount of industrial data, to produce economic results. ”

In the past, in addition to requiring user information to be shared with the government in a variety of situations, China has largely allowed tech companies to grow and has less oversight of how they collect or use data. By 2017, China had implemented an important new piece of legislation in the area of data governance, the Cybersecurity Law, to classify and monitor data, with a focus on data localization.

Regulations that come into effect in the next 3 months will strengthen the Cybersecurity Law and expand it to a wider scope. For example, the Data Security Act (effective September 1). Arguably, this is the most important new law of the year, dividing private sector data into "national core data" ("data related to national security and the lifeblood of the national economy"), important data, and other general data. The regulation, like many Chinese laws, has extraterritorial effects and requires enhanced protection of the first two types of data.

The Several Provisions on automotive data security management (implemented on October 1) define the industry's "important data", which includes data such as traffic flow, maps, car charging network information, faces, sounds and license plates.

The Personal Information Protection Law (which came into effect on November 1) is China's response to growing public concerns about data misuse. It stipulates that the processor of personal information must meet the main compliance conditions.

The new rules will have a big impact on Chinese companies (especially those looking to expand or raise capital overseas) as well as multinationals operating in China. Businesses face higher compliance costs and the risk of millions of dollars in fines or suspension of business operations for handling critical data (improperly).

Nigel Corey, deputy director of the Information Technology and Innovation Foundation, a U.S. think tank, said: "Some of the [data] laws recently passed in China have allowed the government to more directly monitor and control business data. But he said the Chinese government still wants private companies to "play a leading role" in developing China's digital economy, just that the government plays a more direct role in monitoring who owns what data and ensuring that more businesses can participate in it.

Kendra Schaeffer, head of technology policy at Beijing-based Cewei Consulting, said one of the new laws is to lay the groundwork for the protection of sensitive data, while another focuses are to encourage the use of non-sensitive data to grow the economy. "If you read the Data Security Law, you'll see that only half of it is about data security, and the other half outlines the country's obligations to develop the digital economy," she said. ”

Infographic

Hong Kong's South China Morning Post August 30 article, original title: With the new privacy law, China can influence cross-border data rule-making Legal experts say that China's new privacy law, which came into effect in November, will have a profound impact on how companies doing business in China handle cross-border data, which may help China establish global standards for data management.

You Yunting, a senior partner at Dabang Law Firm in Shanghai, said: "The new law will push data recipients located abroad to comply with Chinese laws more seriously. In terms of national sovereignty and personal protection, China's legislation in the areas of privacy and data security is ahead of the world in terms of strictness. ”

The new law also empowers the Chinese government to blacklist foreign organizations, companies and individuals to prevent them from accessing data from Chinese citizens. If a foreign government restricts access to personal information, the law provides for retaliatory measures.

Omer Dean, vice president of the international association of privacy professionals, a nonprofit organization, said the regulations "convey China's strength as a global superpower."

China's Personal Information Protection Law stipulates that it only follows international treaties that China is a party to, and China has not signed any treaties dealing with the protection of personal data. Charles Yu, an attorney at Pillar Legal, believes this shows that China wants to be a country that sets international standards for data transfers. (Translated by Josh Ye and Chen Jun'an)