Skip to main content

Abstract

China (This chapter comes from earlier publication, Robert Walters, Current status of China’s cybersecurity-data protection laws, Privacy Law Bulletin 17(4):60–64 (5 pages) 04 Aug 2020. They have embraced technology to advance their sovereign needs. China and its people have a remarkable story emerging from third world status to arguably first world status in a very short period of time, when compared to many western countries. They have lifted more than 1 billion people out of poverty in less than 50 years. Thus, the resulting effect has seen the development of quite different laws for the protection and management of personal data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The 1980s, privacy was protected under the General Principles of the Civil Law by deeming it as part of the right to protection of a person’s reputation.

  2. 2.

    Starting from the early 1990s, privacy was recognised as a personality interest. An individual whose privacy has been infringed was granted a right to seek compensation for psychological damages under Article 1 of the Interpretation of the Supreme People’s Court on Issues Regarding the Ascertainment of Liability for Compensation for Psychological Damages in Civil Torts. However, privacy was not yet recognised as a separate human right.

  3. 3.

    Privacy right was expressly recognised as one of the protected interests under the Law of Tort enacted in 2009. An individual may take civil action for infringement of privacy right under the Law of Tort. For the first time, the concept of privacy right has been acknowledged under the civil law in the mainland of China.

  4. 4.

    Sacks, S, China’s Emerging Data Privacy System and GDPR, 2018, https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr. So far, China’s data protection regime consists of the Cybersecurity Law, a handful of accompanying measures, and at least 10 draft standards that deal with both data flows and protection of personal information. In addition, the government is working on a new law focused specifically on personal information protection.

  5. 5.

    Eberhard, W, (2004) A History of China Gutenburg Ebook A History of China, http://library.umac.mo/ebooks/b30863582.pdf

  6. 6.

    Ibid.

  7. 7.

    Ibid.

  8. 8.

    Liu, J, Overview of the Chinese Legal System, https://elr.info/sites/default/files/chinaupdate1.1.pdf

  9. 9.

    Chen JF (1999) Chinese law: towards an understanding of Chinese law, its nature, and development, Kluwer, The Hague.

  10. 10.

    Ibid.

  11. 11.

    Ibid.

  12. 12.

    Ibid.

  13. 13.

    Eberhard, W, (2004) A History of China Gutenburg Ebook A History of China, http://library.umac.mo/ebooks/b30863582.pdf

  14. 14.

    Ibid.

  15. 15.

    Wang, L,M Privacy Protection in China: Paths, Characteristics and Issues, The International Conference of Data Protection and Privacy Commissioners (ICDPPC) 2017, https://www.privacyconference2017.org/eng/files/programme_booklet.pdf

  16. 16.

    Ibid.

  17. 17.

    Ibid, in the 1980s, privacy was protected under the General Principles of the Civil Law by deeming it as part of the right to protection of a person’s reputation.

  18. 18.

    Ibid, starting from the early 1990s, privacy was recognised as a personality interest. An individual whose privacy has been infringed was granted a right to seek compensation for psychological damages under Article 1 of the Interpretation of the Supreme People’s Court on Issues Regarding the Ascertainment of Liability for Compensation for Psychological Damages in Civil Torts. However, privacy was not yet recognised as a separate human right.

  19. 19.

    Ibid, privacy right was expressly recognised as one of the protected interests under the Law of Tort enacted in 2009. An individual may take civil action for infringement of privacy right under the Law of Tort. For the first time, the concept of privacy right has been acknowledged under the civil law in the mainland of China.

  20. 20.

    Ibid.

  21. 21.

    Wang, H, Protecting Privacy in China: A Research on China’s Privacy Standards and the Possibility of Establishing the Right to Privacy and the Information Privacy Protection Legislation in Modern China, Springer (2011).

  22. 22.

    Ibid.

  23. 23.

    Ibid.

  24. 24.

    Ibid.

  25. 25.

    Ibid.

  26. 26.

    Ibid.

  27. 27.

    Ibid.

  28. 28.

    Ibid.

  29. 29.

    Ibid.

  30. 30.

    Ibid.

  31. 31.

    Kong, L, Enacting China’s Data Protection Act, International Journal of Law and Information Technology, Vol 18, Issue 3, (2010), 197–226.

  32. 32.

    Ibid.

  33. 33.

    Ibid.

  34. 34.

    Wenting, Z, Online personal data thefts on the rise in Shanghai, https://www.chinadaily.com.cn/china/2013-07/31/content_16854401.htm

  35. 35.

    Ibid.

  36. 36.

    Ibid.

  37. 37.

    Ibid.

  38. 38.

    Ibid.

  39. 39.

    Wei Sheng, One year after GDPR, China strengthens personal data regulations, welcoming dedicated law, In with Chinese Characteristics, (2019), https://technode.com/2019/06/19/china-data-protections-law/

  40. 40.

    Personal Information Security Specification, English version, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-personal-information-security-specification/ Chinese version, https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf

  41. 41.

    Articles 38–40.

  42. 42.

    Article 101.

  43. 43.

    Supreme People’s Court’s Tentative Opinion on the Enforcement of the PRC General Principles of Civil Law, 26 January 1988, para 140.

  44. 44.

    Supreme People’s Court’s Answers to Questions about the Trial of Reputation Cases, 7 August 1993, Question 7.

  45. 45.

    Cybersecurity Law of the People’s Republic of China, Order No. 53 of the President, http://en.pkulaw.cn/display.aspx?cgid=4dce14765f4265f1bdfb&lib=law

  46. 46.

    Xia, S China’s New Child Privacy Protection Rules, (2019), https://www.chinalawblog.com/2019/09/chinas-new-child-privacy-protection-rules.html Huton Andrews Kurth LLP, China Issues Provisions on Cyber Protection of Children’s Personal Information, https://www.lexology.com/library/detail.aspx?g=625d3bb3-ec70-4626-b37d-ae0b9092c307&utm_source=lexology+daily+newsfeed&utm_medium=html+email+-+body+-+general+section&utm_campaign=australian+ihl+subscriber+daily+feed&utm_content=lexology+daily+newsfeed+2019-10-09&utm_term

  47. 47.

    Ibid, additionally, parental consent is needed for the network operator where and for how long data will be stored. How the data will be handled upon expiration of the retention period. The measures that will be undertaken to safeguard children’s personal information. The consequence of not giving parental consent. How to lodge a complaint. How to modify or delete children’s personal information. Other matters of which the parents should be aware.

  48. 48.

    Ibid.

  49. 49.

    Cybersecurity Law of the People’s Republic of China, Order No. 53 of the President, http://en.pkulaw.cn/display.aspx?cgid=4dce14765f4265f1bdfb&lib=law

  50. 50.

    Ibid.

  51. 51.

    Ibid.

  52. 52.

    Ibid.

  53. 53.

    Ibid.

  54. 54.

    Cybersecurity Law of the People’s Republic of China, Order No. 53 of the President. Article 3, goes onto state, the State advances the construction of network infrastructure and interconnectivity, encourages the innovation and application of network technology, supports the cultivation of qualified cybersecurity personnel, establishes a complete system to safeguard cybersecurity, and raises capacity to protect cybersecurity.

  55. 55.

    Ibid, Article 4.

  56. 56.

    Ibid, Article 5, The State protects critical information infrastructure against attacks, intrusions, interference, and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of cyberspace.

  57. 57.

    Ibid, Article 6.

  58. 58.

    Ibid, Article 9.

  59. 59.

    Translation: Cybersecurity Law of the People’s Republic of China (June 1, 2017) https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/

  60. 60.

    Cybersecurity Law of the People’s Republic of China, Order No. 53 of the President, http://en.pkulaw.cn/display.aspx?cgid=4dce14765f4265f1bdfb&lib=law. Article 2.

  61. 61.

    Ibid.

  62. 62.

    Ibid, Article 22.

  63. 63.

    TC260 Chinese, (English version) Information Security Technology-Personal Information Security Specification, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-personal-information-security-specification/ Chinese Version, https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf

  64. 64.

    Ibid, section 3.1, 3.2. SXia, S,China’s New Child Privacy Protection Rules, (2019), https://www.chinalawblog.com/2019/09/chinas-new-child-privacy-protection-rules.html Huton Andrews Kurth LLP, China Issues Provisions on Cyber Protection of Children’s Personal Information, https://www.lexology.com/library/detail.aspx?g=625d3bb3-ec70-4626-b37d-ae0b9092c307&utm_source=lexology+daily+newsfeed&utm_medium=html+email+-+body+-+general+section&utm_campaign=australian+ihl+subscriber+daily+feed&utm_content=lexology+daily+newsfeed+2019-10-09&utm_term

  65. 65.

    Cybersecurity Law of the People’s Republic of China, Order No. 53 of the President, Article 12.

  66. 66.

    Chinese, (English version) Information Security Technology-Personal Information Security Specification, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-personal-information-security-specification/ Chinese Version, https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf, Article 7.5.

  67. 67.

    Ibid.

  68. 68.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Article 5.3–5.4. Note further exemption also apply where the controller who is acting as a news agency to make legal news reports, or as an academic research institute to conduct statistical or academic research that is in the public interest, which has also de-identified the personal information before providing to these institutions (academic research), or specified by any other law.

  69. 69.

    Ibid.

  70. 70.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Article 5.5.

  71. 71.

    Ibid.

  72. 72.

    Ibid, Article 8, cybersecurity protection, supervision, and management duties for relevant departments in people’s governments at the county level or above will be determined by relevant national regulations.

  73. 73.

    Ibid.

  74. 74.

    Ip, K., Lau, N., Gong, J., China: China’s First Regulation On Children’s Online Privacy, Herbert Smith Freehills, September 2019, https://sites-herbertsmithfreehills.vuturevx.com/95/20753/september-2019/china-s-first-regulation-on-children-s-online-privacy.asp?sid=56d3bb39-faab-43a3-967a-6cbeb683e586&utm_source=Mondaq&utm_medium=syndication&utm_campaign=inter-article-link

  75. 75.

    Ibid.

  76. 76.

    Ibid.

  77. 77.

    Ibid.

  78. 78.

    Ibid.

  79. 79.

    Ibid.

  80. 80.

    Ibid.

  81. 81.

    Ibid.

  82. 82.

    Ibid.

  83. 83.

    Ibid.

  84. 84.

    Ibid.

  85. 85.

    General Data Protection Regulation 2016/679 Article 8.

  86. 86.

    Karen Ip, Nanda Lau, James Gong, China: China’s First Regulation On Children’s Online Privacy, Herbert Smith Freehills, September 2019, https://sites-herbertsmithfreehills.vuturevx.com/95/20753/september-2019/china-s-first-regulation-on-children-s-online-privacy.asp?sid=56d3bb39-faab-43a3-967a-6cbeb683e586&utm_source=Mondaq&utm_medium=syndication&utm_campaign=inter-article-link

  87. 87.

    Ibid.

  88. 88.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Article 51.

  89. 89.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Article 52.

  90. 90.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Articles 53 and 54.

  91. 91.

    Cybersecurity Law of the People’s Republic of China, Order No. 53, Articles 21–25.

  92. 92.

    Ibid, Article 59. Unauthorized ending of the provision of security maintenance for their products or services.

  93. 93.

    Ibid, Article 61.

  94. 94.

    Ibid, Article 64.

  95. 95.

    Ibid, Article 68. Where electronic information service providers and application software download service providers do not perform their security management duties provided for in Paragraph 2 of Article 48 of this Law, punishment shall be in accordance with the provisions of the preceding paragraph.

  96. 96.

    Ibid, Article 69.

  97. 97.

    Ibid, Article 65.

  98. 98.

    Ibid, Article 62.

  99. 99.

    Ibid, Article 63. Where units have engaged in the conduct of the preceding paragraph, public security organizations shall confiscate unlawful gains and levy a fine of between RMB 100,000 and 1,000,000, and the directly responsible persons in charge and other directly responsible personnel shall be fined in accordance with the preceding paragraph. Where Article 27 of this Law is violated, persons who receive public security administrative sanctions must not engage in cybersecurity management or key network operations positions for 5 years; those receiving criminal punishments will be subject to a lifetime ban on engaging in work in cybersecurity management and key network operations positions.

  100. 100.

    Ibid, Article 64.

  101. 101.

    Ibid, Article 69. Where units have engaged in conduct covered by the preceding paragraph, a fine of between RMB 100,000 and 500,000 shall be levied by public security organizations, and the principal responsible managers and other directly responsible personnel shall be fined in accordance with the preceding paragraph.

  102. 102.

    Tan, M., Jiang, H., Wessing, T, New Guidelines for APP Privacy Behaviour, https://www.lexology.com/library/detail.aspx?g=e0c55fd3-7347-48db-b0ce-2ca285ae1426&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+General+section&utm_campaign=Australian+IHL+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2020-01-10&utm_term=

  103. 103.

    Ibid.

  104. 104.

    Ibid.

  105. 105.

    Ibid.

  106. 106.

    Theil, S., Bigg, C., Tam, K, DLA Piper Data Protection https://blogs.dlapiper.com/privacymatters/china-privacy-security-and-content-regulation-to-increase-in-2020/

  107. 107.

    Chen, Q, China’s New Data Protection Scheme: China has released a draft regulation fleshing out its cybersecurity law, https://thediplomat.com/2019/07/chinas-new-data-protection-scheme/ See also, A look at China’s draft of Personal Information Protection Law, https://iapp.org/news/a/a-look-at-chinas-draft-of-personal-data-protection-law/ China unveiled its draft of the Personal Information Protection Law for public consultation Oct. 21, 2020. Taking a closer look at the draft PIPL, it is easy to see many provisions in it are inspired by the EU General Data Protection Regulation.

  108. 108.

    Ibid.

  109. 109.

    Ibid.

  110. 110.

    A look at China’s draft of Personal Information Protection Law, https://iapp.org/news/a/a-look-at-chinas-draft-of-personal-data-protection-law/

  111. 111.

    Ibid.

  112. 112.

    Ibid.

  113. 113.

    Sacks, S, China’s Emerging Data Privacy System and GDPR, Center for Strategic and international Studies, 2018, https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr

  114. 114.

    Information Security Technology – Personal information security specification, https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf – Chinese version.

  115. 115.

    Yin, D, China Internet Regulators Define Privacy Violations for Apps, Data Companies, December 2019, https://www.caixinglobal.com/2019-12-31/china-internet-regulators-define-privacy-violations-for-apps-data-companies-101499601.html

References

Download references

Author information

Authors and Affiliations

Authors

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R., Novak, M. (2021). China. In: Cyber Security, Artificial Intelligence, Data Protection & the Law . Springer, Singapore. https://doi.org/10.1007/978-981-16-1665-5_12

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-1665-5_12

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-1664-8

  • Online ISBN: 978-981-16-1665-5

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics