An Overview of China's Cybersecurity & Data Protection Regulation

探讨中国的网络安全和数据保护监管

December 15, 2018 | BY

Susan Mok

Jet Deng and Ken Dai of Dentons discuss theregulation of data protection in China, the recentlyintroduced guidelines for protecting personalinformation and how they regulate big data andartificial intelligence, how data protection andcybersecurity laws affect overseas data transfersand e-commerce platforms, and what e-commerceplatforms should do to comply with cybersecurityregulations 大成律师事务所的邓志松律师和戴健民律师探讨了中国的数据保护监管,最近发布的个人信息保护指引及其如何监管大数据和人工智能,数据保护和网络安全法规如何影响数据出境和电商平台,以及电商平台如何遵守网络安全法规

Share:

1 . WHAT ARE THE CURRENT TRENDS AND DEVELOPMENTS IN THE DATA PROTECTION REGIME AND LAW ENFORCEMENT IN CHINA?

No dedicated data protection law has yet been issued. The main related regulations include:

  • The Constitution (2018 Revision), which specifies that the personal dignity of a citizen may not be infringed, that citizens have the freedom of communications and the right of confidential communications and that the state respects and guarantees human rights.
  • The Bill to Amend the Criminal Law (7) (effective as of February 28, 2009) brings the acts of illegally obtaining, selling and providing the personal information of citizens within the scope of regulation by the Criminal Law. The Bill to Amend the Criminal Law (9) (effective as of November 1, 2015) combines the “crime of selling or illegally providing the personal information of citizens” and the “crime of illegally obtaining the personal information of citizens” into the “crime of infringing the personal information of citizens”. The Cybersecurity Law (effective as of June 1, 2017) defines “personal information” for the first time in legal form and sets forth the rules for the collection and use of personal information by network operators. The General Provisions of the Civil Law (effective as of October 1, 2017) establish for the first time the independent civil rights status of personal information. The Electronic Commerce Law (the E-commerce Law) (effective as of January 1, 2019) specifies the obligation of e-commerce operators to protect the personal information of users. The Personal Information Protection Law is currently being drafted, signifying that the protection of personal information will soon be greeted by dedicated legislation.
  • Since the Cybersecurity Law entered into force, the main complementary regulations relating to it include the Measures for Security Assessments of the Transfer of Personal Information and Important Data Overseas (Draft for Comments), the Specification for Personal Information Protection, the Guidelines for De-identification of Personal Information (Draft for Comments) and the Guidelines for Data Cross-border Transfer Security Assessment (Draft for Comments).
  • In terms of industry specifications, there are the Guidelines for the Governance of the Data of Banking Financial Institutions (effective as of May 21, 2018) and the Provisions for the Administration of the Security of Civil Aviation Network Information (Trial Implementation) (Draft for Comments).

 

2 . CAN YOU BRIEFLY DESCRIBE FOR US THE GUIDELINES FOR