China's New Cybersecurity Law – Also a Data Privacy Law?
(2016) 144 Privacy Laws & Business International Report 1-7
11 Pages Posted: 27 Apr 2017 Last revised: 13 Jul 2018
Date Written: December 1, 2016
In November 2016, China’s Standing Committee of the National People’s Congress (SC-NPC) promulgated the PRC Cybersecurity Law, which will take effect on 1 June 2017. Although the law is mainly devoted to provisions concerning the security of information networks and, in particular, to mandating security procedures and requirements for ‘critical information infrastructure’ and ‘critical information infrastructure operators’ the Cybersecurity Law’s provisions relating to data privacy articulate what are China’s most comprehensive and broadly applicable set of data privacy principles to date.
These data privacy provisions reiterate many of the basic principles and requirements found in other laws and regulations, but the Law also includes new or more explicit requirements with respect to data correction rights, deletion, re-use and disclosure, breach notification to users and data localization. Still missing, however, are several common elements of other jurisdictions’ data privacy laws, such as explicit user access rights, requirements on data quality and special provisions for sensitive data. The Law also does not establish a national data protection authority. There are also uncertain questions of scope, particularly in relation to public sector bodies.
While China has long lacked a broadly applicable national data privacy law, the scope and strengthened principles of this new legislation means that it can probably now be considered to be “China’s Data Privacy Law,” with which other lower-level laws and regulations must be consistent.
This article analyses the privacy-related aspects of the Cybersecurity Law, and in particular asks what (if anything) it adds to China’s previous set of data privacy laws. Comparisons are made with China’s existing data privacy laws.
Keywords: Privacy, Data Protection, Secruity, Cybersecurity, China
Suggested Citation: Suggested Citation