Official Partners Bar Council Cilex Law Society

Menu

GDPR and China Cyber Security Laws

gdpr

It would be a falsehood to say that the GDPR did not change the legal landscape of how businesses and consumers handle their data, far more than that, it has begun to shape even the policies of other jurisdictions.

Yet how does GDPR compare to other data security law around the world? We discuss the answer to that question by looking at the Chinese Cyber Security Law.


Take 30 seconds to sign up to TLP and you’ll receive free, tailored information for your aspirations and stage straight to your inbox, as well as be the first to know about new, free events – what are you waiting for?

Sign-Up Now

Background

For some background, the law that China released on the 1stof June 2017 (a good year before the release of GDPR officially came into force) drew strongly from the GDPR, as the latter was framed in November 2016. This was a few months after GDPR became formalized for the public in April 2016.

Similarities

The similarities contained within the two acts, which suggest a copying of the legal requirements are as follows:

Differences

However, that is where the similarities appear to end. In a broad sense the two laws were the same, however some differences at least at the outset emerged. Within the Chinese law:

These similarities and differences existed within the 2016/17 versions, however following the implementation of GDPR in May 2018 the Chinese Cyber Security law underwent further modification in order to gain the benefits from the new European system.

Want to know how to discuss the GDPR at law interviews? Click here to find out more >>

Changes

This modified law placed new emphasis on:

Affected Industries

It also set out which areas are deemed as critical industries and thus deserve greater protections:

Implementation

The Chinese cyber security law has some other differences namely in reference to governing bodies, however the starkest contrast has been in the implementation.

For many, the current laws have been used to target firms with international interests. This is because many of the laws, for example information being kept within China give Chinese firms an automatic edge. This means that they would be unaffected in their practices anyway since companies such as Alibaba have a predominately Chinese market base.

Click here for another big news story that has recently affected the legal industry >>

Impact on International Firms including those from the UK

For international firms such as Whatsapp, which transports data between countries via encryption, issues may occur unless the Chinese government grants the company in question permission to transfer information. However even in that case, a clause within the amendments article 36 of the act requires that:

“Where such information and data have to be provided abroad for business purpose, security assessment shall be conducted pursuant to the measures developed by the CAC together with competent departments of the State Council, unless otherwise provided for in laws and administrative regulations”.

This means that the Chinese government, if they so desire, can look at business information including trade secrets where it relates to Chinese citizens personal information being sent abroad.

This specific approach differs significantly from GDPR which under article 42 permits data transfer without checking the information so long as the third-party country in receipt of the data can prove its ability to keep the data secure.

Did you know the we are now officially partnered with The Law Society? Here’s how it’ll affect you >>

Future dilemma

At present, GDPR and the Chinese Cyber Security Law have not run foul of one another, yet both are newly introduced and only starting to acclimatise. On top of that, both are open to innovation and will have to deal with new technologies handling data as well as navigate a changing political landscape from Brexit.

For more legal news hot topics:

Author: Cameron Haden

Loading

Loading More Content