The inevitable flaw in China’s personal information law is that it does not prevent the state from being able to access the personal information of its citizens. People living in China will still be the most monitored and censored on the planet. “The Chinese government is the biggest threat to personal privacy, and I don’t know if they will be affected,” said Omner, a law partner at Goodwin, an expert on data, privacy and cybersecurity.
PIPL differs from other data regulations in how it reflects the country’s larger political goals of implementing it. “If European data protection laws are based on fundamental rights and US privacy laws are based on consumer protection, then Chinese privacy laws are closely aligned, and I would even say based on national security,” Ten said.
In fact, PIPL extends to a requirement of China’s cyber security law that companies store personal data within China. Telecom, transport, finance firms, and other entities that are considered important information infrastructure have already done so. But that requirement now applies to any company that collects a certain, yet indefinite amount of human data. Following the departure of Yahoo and LinkedIn, Apple is now one of the few high-profile international technology companies with a presence in China. Apple has already created its own place in the huge tempting market Serious concessions to the Chinese government. At this stage, it is not clear how much impact it will have on PIPL Apple’s business in China.
Companies seeking to share data outside of China will now also have to go through a national security review, said James Gong, China-based partner at law firm Bird & Bird. Individual guidelines Translated by DigiChina Reveals that broader companies will likely face national security reviews, including sending “critical data” abroad. Companies that hold data on more than a million people and want to send information abroad will also face review. In the process of this review any company of reasonable size operating in and outside China can be removed.
As part of the security review, companies must submit an agreement between themselves and the foreign partner receiving the data and complete a self-assessment. This includes why data is being transferred outside of China, what kind of information is being sent, and the risks involved. All of this combined can create some uncertainty for companies doing business in China, Gong said. “They need to consider reshaping their current business, management, and IT structure and associated costs.”
While PIPL may force Chinese domestic companies to improve how they handle data, it will also have an impact on wider data regulation around the world; The main difference is the US approach to GDPR and privacy – especially the retaliatory blacklist. “These are purely political provisions,” Lee said. “These provisions are invisible to any other global privacy proposals.”
The biggest impact of China’s new privacy law, and its protectionist, political spin, could be on other countries that are still developing their own data protection policies, or rewriting them for the digital age. “We are concerned that other Asian countries may follow the Chinese approach of localizing that data in their privacy laws,” Li said. “We are already seeing, for example, the privacy drafts of India and Vietnam having some such provisions.”
More great cable story