Weber Philip Andreas,Zhang Nan,Wu Haiming

DOI: https://doi.org/10.1007/s10660-020-09422-3

2020-01-01

Electronic Commerce Research

Abstract:The growth of e-commerce and other platforms has significantly increased the amount of personal data that is shared and submitted online; however, the adequate and secure collection and processing of these data is of great concern. With the EU’s implementation of a new data protection regulation in 2018, the development of personal data protection globally has reached an important turning point and has sparked the interest of scholars and businesses. Text coding was employed to compare the current personal data protection regulation landscape in the EU and in China to discover the differences between the General Data Protection Regulation and the personal data protection regulations of the fastest-growing economy in e-commerce. The results show that while there are several similarities in regard to general requirements, such as principles of data processing and basic rights for data subjects, China’s personal data protection regulations tend to lack specific operational requirements and strong legal enforcement. Based on the research results, implications and recommendations for the government and companies are provided.

Jun Yang

DOI: https://doi.org/10.3917/pinc.010.0008

2022-01-01

Abstract:The note below is intended to provide the readers with an introductory review of the scope of the application of PIPL, the fundamental rules (both general and specific) governing processing, the outbound data transfer, the rights of data subjects as well as the obligation and liabilities of the processor under the PRC PIPL. The long-awaited “PRC Personal Information Protection Law” (“PIPL”) was finally unveiled on August 20, 2021, and took effect on November 1, 2021. As the last piece of the Chinese legislative trilogy in data protection area (after “Cyber Security Law” [‘CSL”] in 2016 and “Data Security Law” [« DSL”] in June, 2021), this legislative milestone will have immediate and lasting impact on the data protection in China. PIPL which was released amid Beijing’s continued regulatory crackdown on Chinese tech giants would not only help the Chinese regulator to end the wild practices in the local market in the short term but also achieve a rebalance between commercial exploitation of personal information and protection of data subjects. PIPL will profoundly change our daily life and the way how the corporate citizens operate in China (and in overseas jurisdictions) in various fronts ranging from the design of their products/services, defining (redefining) their operating rules to internal decision-making process. This article is intended to offer you an overview of some key aspects of this new law.

Ming Hu,Tao Hong

DOI: https://doi.org/10.1515/ijld-2024-2012

2024-01-01

International Journal of Legal Discourse

Abstract:Abstract A significant portion of the misunderstanding surrounding China’s human rights protection stems from a failure to consider its legal progress in light of China’s unique cultural, ideological, and political contexts. The Criminal Procedure Law of China is closely linked to constitutional principles and the fundamental first generation of human rights, providing a clear framework for understanding China’s efforts in human rights protection. As widely accepted standards for human rights codification, Articles 9, 17, and 14 of the International Covenant on Civil and Political Rights (ICCPR) outline the right to personal liberty, privacy, and the defense of the accused. Initially, China’s Criminal Procedure Law of 1979 fell short of meeting these global standards. However, with substantial revisions in 1996, 2012, and 2018, this specific code has progressively aligned with the covenant’s requirements, marking significant strides in human rights protection in China. Despite these advances, there remains room for improving the Criminal Procedure Law, especially under the challenges of the digital age. China, alongside other nations, will focus on building a more comprehensive, robust, and globally integrated legal framework to address the forthcoming issues.

Wenlong Li,Jiahong Chen

DOI: https://doi.org/10.1016/j.clsr.2024.105994

2024-06-13

Abstract:This paper explores the evolution of China's Personal Information Protection Law (PIPL) and situates it within the context of global data protection development. It draws inspiration from the theory of 'Brussels Effect' and provides a critical account of its application in non-Western jurisdictions, taking China as a prime example. Our objective is not to provide a comparative commentary on China's legal development but to illuminate the intricate dynamics between the Chinese law and the EU's GDPR. We argue that the trajectory of China's Personal Information Protection Law calls into question the applicability of the Brussels Effect: while the GDPR's imprint on the PIPL is evident, a deeper analysis unveils China's nuanced, non-linear adoption that diverges from many assumptions of the Brussels Effect and similar theories. The evolution of the GDPR-inspired PIPL is not as a straightforward outcome of the Brussels Effect but as a nuanced, intricate interplay of external influence and domestic dynamics. We introduce a complementary theory of 'gravity assist', which portrays China's strategic instrumentalisation of the GDPR as a template to shape its unique data protection landscape. Our theoretical framework highlights how China navigates through a patchwork of internal considerations, international standards, and strategic choices, ultimately sculpting a data protection regime that has a similar appearance to the GDPR but aligns with its distinct political, cultural and legal landscape. With a detailed historical and policy analysis of the PIPL, coupled with reasonable speculations on its future avenues, our analysis presents a pragmatic, culturally congruent approach to legal development in China. It signals a trajectory that, while potentially converging at a principled level, is likely to diverge significantly in practice [...]

Computers and Society

Jianwen Zhang,Huan Yang

DOI: https://doi.org/10.17803/2587-9723.2021.4.074-081

2021-09-16

Legal Science in China and Russia

Abstract:Digital data is a new factor of production in the information age. In the context of the rapiddevelopment of the latest technologies, such as big data, artifi cial intelligence, cloud computing andblockchain, as well as the continuous development of the digital economy, digital data plays an important role in the development of enterprises. Data security issues affect the development of a countryand its security, are related to public interests, and are also closely related to the personal rights of its citizens. It is necessary to regulate data protection at the legal level.July 2, 2020 the website of the National People’s Congress published the Data Security Law of the People’s Republic of China (draft), which systematically refl ects the current national point of view on data security and development, noting the improvement of data security to the level of state security. Like the Cybersecurity Law, it is a component of the general concept of national security, belongs to the highest level of law and has the highest legal force. This law is of great strategic importance for building a data protection system in the PRC.As the main law in the fi eld of data security management ,the Data Security Law has made certain breakthroughs in the defi nition of the concept of data. The concept of data in the Data Security Law is not limited to network data, but includes information recorded in electronic form and in other ways; the necessary extraterritorial consequences are provided for in the draft Data Security Law, which is of great importance for the protection of national sovereignty and civil rights of the People’s Republic of China; the relationship between data security protection, data development and use is clarifi ed, and the status of data in the development of the digital economy is clarifi ed through legislation in order to fully demonstrate the economic value of data; the main body responsible for security, supervision and overall coordination has been created, the main responsibilities of various regions and departments have been increased, supervision responsibilities have been redistributed, which is more in line with the needs and current situation in data security supervision; a data classifi cation system has been established that promotes the relevant work of data security surveillance agencies; an appropriate mechanism has been created at the state level in the system of data security risk assessment, reporting, information exchange, monitoring and early warning; a data export control system and a mutual data protection system were created, as well as the construction of a cross-border data fl ow system of the PRC was standardized; data protection obligations in organizations and for individuals performing data operations and performing data protection duties were clarifi ed; adhere to the principles of security and development and provide measures to support and promote data security and development; institutional measures have been taken to ensure the security of government data.The draft law on data security contains a comprehensive concept of information security. The upcoming Law on Data Security will contain recommendations and basic principles for ensuring data security and development. All industries will have to pay attention to an integrated management system and various supporting provisions to ensure data security and development. Gradually, a favorable environment will be created for the effective use of data and safe development, which will signifi cantly contribute to the rapid development of informatization and digitization.The Data Security Law includes all types of information in the fi eld of protection. In the future, the Law on Data Security should pay attention to the Law on Cybersecurity, Law on State Security and Law on the Protection of Personal Information, which are under development, supplement and improve today’s relatively disparate legislation related to data security. The laws and regulations of the PRC on data security will be carefully developed on the basis of these three laws in order to fully implement the development, use of data and industrial development, thereby promoting new provisions in the creation of a legal data security system.

Gong Nan,,

DOI: https://doi.org/10.21638/spbu14.2023.110

2023-01-01

Abstract:In the development of China’s Internet industry and digital economy, great importance is attached to the protection of personal data and seriously protects the legitimate rights and interests of citizens’ personal data. Generally speaking, with the development of technology and industry, China’s personal data protection has gone from “indirect protection” to “direct protection” and then to “comprehensive protection”. In the early years of China’s Internet industry, the indirect protection of personal data was mainly achieved through the protection of the “rights to privacy” of citizens. Since the Internet industry of the People’s Republic of China has entered a stage of rapid development, the state began to directly protect personal data in accordance with the provisions of the Chapter “Network Information Security” established in the “Cyber Security Law” of 2016, establishes several principles for the collection and use of personal data, protection requirements information security. Until November 1, 2021, the “Personal Data Protection Law of the People’s Republic of China” (PPD) was adopted to comprehensively protect personal data, reflecting the ideology of development focused on bringing the people to the center, meeting the new needs and aspirations of the people in the new era, and also proposing the creation international digital legal order “Chinese version”. The PPD further expands the scope of the object of personal data protection, comprehensively establishes the rights of individuals to process data, strengthens the obligations to protect personal data processors, creates strict rules for the protection of sensitive personal data and regulates the processing of personal data by public authorities, as well as improving the means of legal protection of personal data, all of which are important points in the legislation. The law incorporates advanced foreign experience, while emphasizing Chinese wisdom, the spirit of the times, and practicality in accordance with the reality of China.

Yang Feng

DOI: https://doi.org/10.1080/10192557.2019.1646015

IF: 0.542

2019-01-01

Asia Pacific Law Review

Abstract:On 10 September 2018, the Standing Committee of the National People's Congress of China updated its legislative agenda and planned to enact a comprehensive data protection law by March 2022. This Plan would end the longstanding speculation among Chinese scholars and foreign observers about the direction of China's data protection regime. Nevertheless, whether such a law can be enacted on time remains uncertain. This article examines the current challenges to the creation of a workable data protection law in China. The main challenges are related to the hasty implementation of the information and communications technology (ICT) development strategies, the current weak legal framework and the unprepared scholars and lawmakers. This article concludes that the enactment of a data protection law is not an easy task. This task is likely to be delayed, suspended, or proved to be a failure if the aforementioned obstacles are not resolved properly. Finally, to provide meaningful data protection, this article provides four basic policy and legal recommendations: (1) pay more attention to protecting individuals' personal data against unreasonable use by industry and government; (2) cautiously learn from legislative experience of western countries; (3) explore the best practices under Chinese contexts; and (4) enforce the protection rules in a more meaningful manner.

Shujie Cui,Peng Qi

DOI: https://doi.org/10.1016/j.clsr.2021.105560

2021-07-01

Abstract:<p>Personal information protection and privacy interact in diverse ways, especially in the contemporary information age. Although books and articles have focused on this topic, the new tendencies of worldwide legislation and judicial practice bring challenges, as the legal construction of personal information protection and privacy differs from culture to culture and time to time. In 2017, the General Provisions of the Civil Law of the People's Republic of China ("the General Provisions of the Chinese Civil Code" hereafter)<a class="workspace-trigger" href="#cit_1">¹</a> (expired) addresses the legal concepts of personal information protection and the right to privacy simultaneously, to which this article refers as the dual model, differing from the one-dimensional mode of privacy protection before. Subsequently, the "The Right to Privacy and the Protection of Personal Information," a chapter of the newly issued Civil Code of the People's Republic of China's ("the Chinese Civil Code" hereafter), ascertains the dual model and details related provisions. It has been dubbed a landmark ruling of China's personal information protection, greatly boosting the modernization of China's civil system.</p><p>Despite the many articles that discuss approaches to China's civil protections, little attention has been given to the fundamental question concerning what exactly encompasses the personal information protection and privacy to which these laws refer. Based on the regulations and applicability of the General Provisions of the Chinese Civil Code and the Chinese Civil Code, this paper explores the legal construction of personal information protection and privacy under Chinese legal orders, including the differences, similarities, and interplay between the two rights. By distinguishing the legal value, contents and remedial approaches, this paper concludes that the two rights are distinct but overlap. On one side, personal information protection is elevated to the status of a separate civil right in the legal context of China, rather than part of privacy. On the other side, tailored regulations should be establish according to the criteria of the nature of information, the extent of information processing, and the elements of damage when confronted with overlaps in the two rights in judicial practice. Thus, this paper provides a perspective from which to clarify the approaches to civil protection of personal information and privacy in China and a reference model for enactment of the Chinese Personal Information Protection Law in the the future.</p>

law

Ella Gorian

DOI: https://doi.org/10.7256/2454-0595.2021.5.36237

2021-05-01

Административное и муниципальное право

Abstract:The object of this research is the legal relations in the sphere of regulation of personal data security in the financial and banking sector of the People's Republic of China. The characteristics is given to the current legislation of China (Civil Code, Personal Information Protection Law, and Cybersecurity Law), existing or draft bylaws in the field of personal data security. Attention is given the second revision of the draft law on personal information protection, as well as determination of the institutional mechanism for ensuring personal data security. The article examines the peculiarities of regulation of relations in the sphere of ensuring personal data security in the financial and banking sector, as well as characterizes &nbsp;the role of the financial regulator in this mechanism. The development of the mechanism for personal data protection is at completion stage; besides the adoption of the Civil Code of the People's Republic of China, which establishes the framework for regulation, two of the three special laws &ndash; Personal Information Protection Law and Cybersecurity Law &ndash; have already been adopted. The flagship law on Personal Information Protections is expected to be adopted by 2021. The aforementioned laws encompass all spheres of information security and ensure strong data protection regime: outline the scope of regulation, objects and subject composition, responsibility, and institutional control mechanism. The legal regime covers such aspects of relations as personal data of deceased persons, persons with reduced capabilities (due to age and health), as well as transnational data transfer. At this point, the financial and banking sector features a number of bylaws that set strict standards for ensuring personal information protection. The leading role in this mechanism is played by the financial regulator &ndash; the People's Bank of China. The standards adopted by the People&rsquo;s Bank of China require further examination, which would allow formulating recommendations for the improvement of the Russian legal system.

English Else

Zhangboyu Sun,Zixi Liu

DOI: https://doi.org/10.1051/shsconf/202315703006

2023-02-16

SHS Web of Conferences

Abstract:In the era of rapid development of big data, the problem of personal information leakage is widely concerned by the society. Among them, sensitive personal information related to the human dignity of natural persons or basic rights such as personal and property is more important. China introduced the Personal Information Protection Law in 2021 to improve the legal system of personal information protection in China, but due to the short development time of the relevant system for the protection of sensitive personal information, resulting in the legal protection of sensitive personal information faces serious challenges in practice, so it is especially important to improve the legal protection of sensitive personal information in China. Based on this, this paper firstly explains the concept and characteristics of sensitive personal information, then analyzes the shortcomings of the legal protection of sensitive personal information, and finally puts forward suggestions for improvement from different perspectives, including improving the principle of "informed consent", strengthening the supervision of industry self-regulation and improving the principle of imputation.

English Else

Bo Zhao,Yang Feng

DOI: https://doi.org/10.1016/j.clsr.2020.105498

IF: 2.707

2020-01-01

Computer Law & Security Review

Abstract:This Article seeks to map the possible paths of the development of China's data protection law by examining the changing power relations among three major actors - the State, digital enterprises and the public in the context of China's booming data-driven economy. We argue that focusing on different core values, these three major actors are the key driving forces shaping China's data protection regime. Their dynamic and multidimensional power relations have been casting the development of China's data protection law with various uncertainties. When persuing different, yet not always conflicting values, these three major actors may both cooperate and compete with each other. Based on our careful analysis of the shifting power relations, we identify and assess three possible paths of the development of China's data protection law. We are much concerned that the proposed comprehensive data protection law might be a new attempt of the State to win legitimacy abroad, while actually trying to reinforce massive surveillance besides economic goals. We argue that a modest alternative may be that this law might show some genuine efforts for protecting data privacy, but still with poor enforcement. Last, we argue that the most desirable development would be that this law could provide basic but meaningful and effective protection for data privacy, and lay a good foundation for further development.

Konrad Kollnig,Lu Zhang,Jun Zhao,Nigel Shadbolt

DOI: https://doi.org/10.1016/j.clsr.2024.106041

IF: 2.707

2024-09-03

Computer Law & Security Review

Abstract:Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, the Chinese legislator introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps' privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021. Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. Market concentration in app data collection has seen limited change. At the same time, there exists a larger number of influential and equal market participants than in the West. Among them, Apple was the only relevant foreign company. We see our findings characteristic of a first iteration at Chinese data regulation with room for improvement. With the help of enhanced technological capabilities, we expect increased enforcement of the new data rules. There is also room to refine the new laws and make them more targeted at mobile apps and the online sphere, particularly through clear and up-to-date technical specifications for software developers. As such, our findings could also be motivation for non-Chinese policy- and lawmakers to enhance their own data protection regimes.

law

Qin Zhou

DOI: https://doi.org/10.1080/10192557.2022.2117484

IF: 0.542

2022-09-14

Asia Pacific Law Review

Abstract:China's data governance has garnered global attention. An important part of data governance is the protection of personal data. Many believe that the newly issued Personal Information Protection Law (PIPL) can improve the protection of personal information in China. However, the merits of this specialized law rest in part on empirical exams. This paper explores whether the PIPL can solve the issues existing in online contracting for personal information in China. It firstly introduces provisions related to contracting for personal information before the promulgation of the PIPL. It then identifies three critical issues regarding online contracting for personal information in China after reviewing 202 online peer-to-peer lending platforms' terms of service and privacy policies. These issues include privacy policies that are not readily accessible, the substantial variation between terms of service and privacy policies pertaining to personal information collection, processing, sharing, and protection, and the bias of contractual terms. The paper further discusses whether the PIPL can help address three issues considered in the survey results. It argues that, even though the new law looks promising and may help address some of the issues in online contracting for personal information, its effectiveness ultimately depends on its enforcement and consumers' reaction to changes in the way firms contract for personal information. Therefore, this paper also calls for more empirical studies on China's personal information protection.

law

Le Cheng,Xitao Hu

DOI: https://doi.org/10.1177/21582440241299677

IF: 2.032

2024-01-01

SAGE Open

Abstract:Personal information security has become a critical concern in the digital era, so it is imperative to clearly delimit and define personal information. This study examines personal information legislation from a sociosemiotic perspective to identify the similarities and differences between legislation in the United States and China. It reviews the evolution of personal information in both countries, and explores their differences in the definition of privacy, the status quo of personal information legislation, the definition of personal information and cross-border personal information flow. The findings indicate that (1) personal information, noted as a social sign, has context-sensitive characteristics, i.e., spatiality and temporality; (2) the meaning-making process of personal information is a continuum; and (3) there exists an intersemiotic operation between language, law and society. Such a sociosemiotic exploration can shed light on relevant studies in the sociosemiotic analysis of legal discourse in particular as well as other context-sensitive discourses in general.

Daoxin Yin,Xiaojie Li,Ruishuang Liu,Luxia Zhang,Qi-Min Zhan

DOI: https://doi.org/10.1136/bmj-2022-072619

2022-10-17

BMJ

Abstract:Privacy aims must be reconciled with the need for medical research in the public interest

medicine, general & internal

Konrad Kollnig,Lu Zhang,Jun Zhao,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.2302.13585

2023-02-27

Computers and Society

Abstract:Privacy in apps is a topic of widespread interest because many apps collect and share large amounts of highly sensitive information. In response, China introduced a range of new data protection laws over recent years, notably the Personal Information Protection Law (PIPL) in 2021. So far, there exists limited research on the impacts of these new laws on apps' privacy practices. To address this gap, this paper analyses data collection in pairs of 634 Chinese iOS apps, one version from early 2020 and one from late 2021. Our work finds that many more apps now implement consent. Yet, those end-users that decline consent will often be forced to exit the app. Fewer apps now collect data without consent but many still integrate tracking libraries. We see our findings as characteristic of a first iteration at Chinese data regulation with room for improvement.

Chuyun Wang,Feifei Guo,Mengxuan Ji

DOI: https://doi.org/10.1155/2022/1678360

2022-08-30

Journal of Environmental and Public Health

Abstract:In the era of big data, while every citizen enjoys the convenience of the Internet, all kinds of information closely related to their personal and property are in a state of "streaking" for a long time. Personal information is frequently leaked, illegally misappropriated, and used. There are necessary requirements of network security. The risks and challenges faced by personal information in the context of big data increase. In the context of the rapid development of big data, the information is circulated in virtual cyberspace in the form of electronic data, and data sharing has become an important flow form of information circulation. It is an important link to realize the optimal allocation of network resources and realize the value of data. The great progress of the digital economy and artificial intelligence technology has greatly increased the demand for data, the speed of circulation has been further accelerated, and the potential value of data has been fully reflected. At present, the scope of personal information protected by Chinese laws is relatively narrow and is basically limited to the scope of privacy rights, which makes a large amount of information owned by individuals that do not belong to the category of personal privacy rights lack legal protection. Personal information is different from the characteristics of privacy rights. It is decided that the protection of personal information should be different from the protection of traditional personal privacy. To sum up, in view of this, this article attempts to analyze the new challenges faced by personal information protection in the era of big data from the perspective of law, combined with the background of the era of big data, from the legislative model, system design, supervision mechanism, industry self-discipline, and other aspects. Exploration of the legislative framework for the protection of personal information in the era of big data in our country is done in order to find a realistic path that balances the development of big data technology and the protection of personal information.

Xu Ziyi

DOI: https://doi.org/10.1155/2022/9672693

2022-08-18

Mobile Information Systems

Abstract:Cross-border data flow brings new growth and opportunities for the development of digital economy, but disordered cross-border data flow may damage national security, public interests, enterprise interests, and data sovereignty. At present, the unified rules for global regulation of cross-border data flow have not yet been formed. The existing rules are mainly led by developed countries like Europe and the United States. There is huge room for improvement in the international legal protection of cross-border transmission of personal information. This paper introduces the privacy protection mechanism of personal information data under the digital trade environment in China, that is, the privacy protection framework under the background of big data, cloud computing, and the cloud service selection method of data life cycle privacy protection. At the same time, we combined with many problems existing in the cross-border transmission of personal privacy information in China and compared with foreign advanced experience, and this paper puts forward China’s response path to clarify the obligations of data controllers and exporters, improve the responsibilities of regulators, improve the legislation of cross-border data flow, and improve the operability of the law; we vigorously carry out international cooperation and actively participate in the formulation of international rules, so as to further protect the rights and interests of personal privacy information protection.

computer science, information systems,telecommunications

Xiaojie Li,Yali Cong,Ruishuang Liu

DOI: https://doi.org/10.1126/science.abq7402

IF: 56.9

2022-01-01

Science

Abstract:The new law may present obstacles to some kinds of research

A. S. Ozerova

DOI: https://doi.org/10.17803/1994-1471.2022.138.5.196-206

2022-04-19

Actual Problems of Russian Law

Abstract:The paper analyzes the norms of criminal law, which enshrined the protection of personal information in the PRC. The tendencies of law enforcement practice in criminal cases, the subject of which are personal data, are being studied. Increased criminal law protection of personal information of Chinese citizens is due to the emergence of a social credit system. The paper discusses the features of the functioning of the social credit system, as well as the impact of this system on the rights and freedoms of the individual in the context of digitalization. Interest in the system under consideration is due to the significant influence exerted by the PRC on the formation of the legal culture of other countries. The author concludes that a significant degree of state intrusion into the private space of citizens correlates with effective measures to protect personal information. The Chinese case shows the desire of the state to protect the personal data of citizens, including through criminal law means. At the same time, cases of law enforcement are becoming more common, especially in criminal law.