China's New Cybersecurity Law – Also a Data Privacy Law?

(2016) 144 Privacy Laws & Business International Report 1-7

UNSW Law Research Paper No. 17-19

11 Pages Posted: 27 Apr 2017 Last revised: 13 Jul 2018

Graham Greenleaf

University of New South Wales, Faculty of Law

Scott Livingston

Simone IP Services (SIPS)

Date Written: December 1, 2016

Abstract

In November 2016, China’s Standing Committee of the National People’s Congress (SC-NPC) promulgated the PRC Cybersecurity Law, which will take effect on 1 June 2017. Although the law is mainly devoted to provisions concerning the security of information networks and, in particular, to mandating security procedures and requirements for ‘critical information infrastructure’ and ‘critical information infrastructure operators’ the Cybersecurity Law’s provisions relating to data privacy articulate what are China’s most comprehensive and broadly applicable set of data privacy principles to date.

These data privacy provisions reiterate many of the basic principles and requirements found in other laws and regulations, but the Law also includes new or more explicit requirements with respect to data correction rights, deletion, re-use and disclosure, breach notification to users and data localization. Still missing, however, are several common elements of other jurisdictions’ data privacy laws, such as explicit user access rights, requirements on data quality and special provisions for sensitive data. The Law also does not establish a national data protection authority. There are also uncertain questions of scope, particularly in relation to public sector bodies.

While China has long lacked a broadly applicable national data privacy law, the scope and strengthened principles of this new legislation means that it can probably now be considered to be “China’s Data Privacy Law,” with which other lower-level laws and regulations must be consistent.

This article analyses the privacy-related aspects of the Cybersecurity Law, and in particular asks what (if anything) it adds to China’s previous set of data privacy laws. Comparisons are made with China’s existing data privacy laws.

Keywords: Privacy, Data Protection, Secruity, Cybersecurity, China

Suggested Citation

Greenleaf, Graham and Livingston, Scott, China's New Cybersecurity Law – Also a Data Privacy Law? (December 1, 2016). (2016) 144 Privacy Laws & Business International Report 1-7; UNSW Law Research Paper No. 17-19. Available at SSRN: https://ssrn.com/abstract=2958658

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Scott Livingston

Simone IP Services (SIPS) ( email )

25th Floor, 3 Lockhart Road
Hong Kong
Hong Kong

Register to save articles to
your library

Register

Paper statistics

Downloads
208
rank
133,299
Abstract Views
750
PlumX