China's NPC Standing Committee Privacy Decision: A Small Step, Not a Great Leap Forward
Privacy Laws & Business International Report, Issue 121, February 2013
5 Pages Posted: 16 Apr 2013 Last revised: 5 May 2014
Date Written: April 13, 2013
Abstract
The Decision of the Standing Committee of the National People’s Congress (NPC Standing Committee) of December 28, 2012 concerning data privacy and the internet (‘2012 Decision’) is the highest level law yet enacted in China to deal specifically with data protection issues. This article analyses that Decision, comparing its content with the MIIT Regulation directed at the same IISPs, and covering much of the same ground (see G Greenleaf ‘China's Internet Data Privacy Regulations 2012: 80 Percent of a Great Leap Forward?’ available at http://ssrn.com/abstract=2049232.
The conclusion is reached that, other than that this Decision comes from the high platform of the Standing Committee of the NPC, it is not obvious that it constitutes ‘far-reaching requirements’ or ‘a great step forward,’ as some authors have suggested – at least not in the direction of a comprehensive data privacy law (even in relation to the Internet). It is missing essential principles (access and correction; deletion/de-identification; and data export limitations), and ambiguous on others (finality and collection limitations). However, the strong requirement on opting out from direct marketing, the clearer right to seek civil damages for breach, and the extension of obligations on State agencies, do add to the requirements in the Regulation published one year earlier.
Keywords: data protection, privacy, China
Suggested Citation: Suggested Citation