China Issues a Comprehensive Draft Data Privacy Law

(2020) 168 Privacy Laws & Business International Report 1, 6-10

7 Pages Posted: 24 Mar 2021

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: December 1, 2020

Abstract

The long-anticipated Law of the People's Republic of China on the Protection of Personal Information (Draft) (‘PPIL’) was released by the Standing Committee of the National People’s Congress (SC-NPC), the second-highest legislative body in China, on 21 October 2020. Its enactment will be the culmination of a decade-long evolution. The article analyses the draft PPIL and considers where it goes beyond the previous benchmark, the CyberSecurity Law (CSL) of 2016, and compares aspects of the EU’s GDPR.

The article concludes that, while detailed conclusions await enactment, some things are clear enough. China’s draft law is well within the normal global range of data privacy laws, shows many GDPR influences, and goes beyond the GDPR on some points. It goes further in many respects than the 2016 CSL, and the 2017 PI Standard. The ‘enforcement toolkit’ is diverse, with ‘dissuasive’ sanctions, as the GDPR puts it. These apparently strong data privacy rights in the private sector must co-exist with a high level of government surveillance (including the ‘Social Credit’ system) but they are likely to be enforceable because China needs there to be public trust in its e-commerce sector, and aspects of e-governance, so credible data privacy laws are necessary.

Other than the absence of a DPA (specialised, or independent), the most important departure from ‘European’ norms is that the data export restrictions are largely at the discretion of the CAC, with no objective criteria, and other forms of data localisation are similar. Multiple risk points for foreign and local companies will result.

For other countries attracted to ideologies of ‘data sovereignty’, the ‘Chinese model’ (explained in the article) may prove an attractive one to emulate. Internationally, this will fit uncomfortably with both the EU’s GDPR and US laissez-faire. Disputes before international trade forums are likely to result.

Keywords: China, data protection, privacy, Asia, cybersecurity

Suggested Citation

Greenleaf, Graham, China Issues a Comprehensive Draft Data Privacy Law (December 1, 2020). (2020) 168 Privacy Laws & Business International Report 1, 6-10 , Available at SSRN: https://ssrn.com/abstract=3795001

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
246
Abstract Views
1,297
rank
182,322
PlumX Metrics