Ignore China’s New Data Privacy Law at Your Own Risk
[ad_1]
It is an inevitable mistake of China’s personal data law that it does not prevent the state itself from having access to the personal information of citizens. People living in China will still be one of the most caring and censored people on the planet. “The Chinese government is the biggest threat to individual privacy, and I don’t know if that will affect them,” says Omer Ten, a partner at Goodwin’s law firm, which specializes in privacy and cybersecurity.
The PIPL differs from other data regulations in that it reflects the broader political objectives of the country that enforces it. “If European data protection laws are based on fundamental rights and U.S. privacy laws are based on consumer protection, China’s privacy law is closely tied to national security, and I would say even based on that,” Ten says.
In fact, the PIPL in China’s cybersecurity law lays down a requirement for companies to store personal data in China. Telecommunications, transport, financial companies and other entities considered critical for information infrastructure already had to do this. But that requirement now applies to any company that collects a certain amount of people’s data, which is yet to be determined. After leaving Yahoo and LinkedIn, Apple is now one of the small high-tech international companies with a presence in China. To maintain its place in the lucrative market, Apple has done it before Serious concessions to the Chinese government. At this stage, it is not clear how much impact the PIPL will have Apple’s business in China.
Companies that want to share data outside of China also need to do a national security review, says James Gong, a China-based partner in the law firm of Bird & Bird. Separate guidance Translated by DigiChina reveals that a wide range of companies are likely to face national security reviews, including those that send “relevant data” abroad. Companies with data on more than a million people and companies that want to send information abroad will also have reviews. Any reasonably sized company operating in China and outside China could be excluded from this review process.
As part of the security reviews, companies will be required to submit a contract between themselves and the foreign partner receiving the data and conduct a self-assessment. This involves determining why data is being transferred outside of China, the types of information being sent, and the risks involved. All of this combined can create uncertainty for companies doing business in China, Gong says. “They will have to look at the current business, management and restructuring of the IT structure and associated costs.”
While the PIPL will force Chinese home companies to improve the way they handle data, it will also have an impact on broader data standards around the world; there are key distinctions between him, the GDPR, and views of U.S. privacy, especially the blacklist of revenge. “They’re purely political provisions,” Leek says. “These provisions are not seen in a global privacy proposal.”
The biggest impact of China’s new privacy law — and its protectionist and political turn — may be its impact on other countries that are still developing their data protection policies, or on other countries that are being rewritten for a digital age. “We are concerned that other Asian countries may follow China’s approach to having these data localization measures in their privacy law,” Leek says. “We are already seeing, for example, that the India and Vietnam privacy drafts have some such measures.”
WIRED more great stories
[ad_2]
Source link