The inevitable flaw of China’s personal data law is that it does not prevent the country itself from accessing the personal information of its citizens. People living in China will still be the most monitored and censored people on the planet. “The Chinese government is a greater threat to personal privacy, and I don’t know they will be affected,” said Omer Tene, a partner at Goodwin Law Firm specializing in data, privacy, and network security.
PIPL differs from other data regulations in how it reflects the broader political goals of the country that implements it. “If the European data protection law is based on fundamental rights and the US privacy law is based on consumer protection, then the Chinese privacy law is closely related to national security, and I would even say that it is based on national security,” Tene said.
In fact, PIPL extends the requirements of the Chinese Cyber Security Law regarding companies to store personal data in China. Telecommunications, transportation, financial companies, and other entities deemed critical information infrastructure have had to do this. But the requirement now applies to any company that collects a certain number of people data that is still uncertain. With the departure of Yahoo and LinkedIn, Apple is now one of the few well-known international technology companies with operations in China.In order to maintain a place in a lucrative market, Apple has previously Make serious concessions to the Chinese government. At this stage, it is not clear how much impact PIPL will have Apple’s business in China.
James Gong, a partner of Bird & Bird’s law firm in China, said that companies that want to share data outside of China must now also pass a national security review.Individual guidance Translated by China Digital It was revealed that a wide range of companies may face national security scrutiny, including companies that send “important data” abroad. Companies that have data on more than one million people and want to send information abroad will also face scrutiny. Any company with a reasonable scale operating within or outside China may be liquidated during this review process.
As part of the security review, the company must submit a contract between itself and the foreign partner receiving the data and complete a self-assessment. This includes clarifying why the data is transferred out of China, the type of information sent, and the risks of doing so. Gong said that all of these together may bring some uncertainty to companies doing business in China. “They will need to consider restructuring their current business, management and IT structures and related costs.”
Although PIPL may force Chinese domestic companies to improve the way they handle data, it will also have an impact on broader data rules around the world; between it, GDPR and US privacy protection methods (especially retaliatory blacklists) There are key differences. “They are purely political regulations,” Li said. “These regulations are not visible in any other global privacy proposal.”
The biggest impact of China’s new privacy law — and its protectionism and political rotation — may be its impact on other countries that are still developing their own data protection policies or rewriting them for the digital age. “We are worried that other Asian countries may follow China’s example and incorporate these data localization measures into their privacy laws,” Li said. “For example, we have seen that the privacy drafts of India and Vietnam have some such measures.”
More exciting connected stories