China Expands Data Protection through 2013 Guidelines: A ‘Third Line’ for Personal Information Protection (With a Translation of the Guidelines)

Privacy Laws & Business International Report, Issue 122, 1, 4-6, April 2013

UNSW Law Research Paper No. 2013-37

UTS: Law Research Paper No. 2014/15

19 Pages Posted: 17 Jun 2013 Last revised: 27 Aug 2014

Graham Greenleaf

University of New South Wales, Faculty of Law

George Tian

University of Technology Sydney, Faculty of Law

Date Written: April 16, 2013

Abstract

China has added a third significant layer of regulation of data privacy in information systems, the Information Security Technology – Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems, released by the Ministry of Industry and Information Technology (MIIT) Standardization Administration on 21 January 2013, effective 1 February 2013.

In theory, these voluntary guidelines are not as important as the two regulatory instruments of 2011/12 covering part of the same territory (primarily Internet IISPs), the Decision of the Standing Committee of the National People’s Congress of December 28, 2012 (see http://ssrn.com/abstract=2251303), and the MIIT Regulation of December 2011 (see http://ssrn.com/abstract=2049232). However, these 2013 Guidelines apply to a much broader range of businesses, and they cover key issues (such as data exports, sensitive data, and subject access and correction rights), and provide some details, not covered in the earlier instruments. They may well indicate the standard that will be applied in these other laws, and even in such laws as the Tort Liability Law. The Guidelines set out obligations in three overlapping ways. This article analyses these three approaches, how the Guidelines differ from and add to the existing regulation of data privacy in China, and the significance they have for businesses operating in China.

An unofficial translation of the Guidelines is included in the article.

Keywords: Asia, China, data protection, guidelines, privacy

Suggested Citation

Greenleaf, Graham and Tian, George, China Expands Data Protection through 2013 Guidelines: A ‘Third Line’ for Personal Information Protection (With a Translation of the Guidelines) (April 16, 2013). Privacy Laws & Business International Report, Issue 122, 1, 4-6, April 2013; UNSW Law Research Paper No. 2013-37; UTS: Law Research Paper No. 2014/15. Available at SSRN: https://ssrn.com/abstract=2280037

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

George Yijun Tian

University of Technology Sydney, Faculty of Law ( email )

Sydney
Australia
+61 2 9514 3257 (Phone)
+61 2 9514 3400 (Fax)

Register to save articles to
your library

Register

Paper statistics

Downloads
768
rank
28,355
Abstract Views
3,158
PlumX