Data Security Law of the People's Republic of China
In this article we will explore the topic of Data Security Law of the People's Republic of China and its impact on today's society. Data Security Law of the People's Republic of China has been the subject of interest and debate for years, and its relevance has not diminished over time. In recent decades, we have seen significant advances and research around Data Security Law of the People's Republic of China, leading to greater understanding and awareness of its importance. Through this article, we will delve into the different aspects surrounding Data Security Law of the People's Republic of China, from its history and evolution to its influence in different areas of daily life. We hope that this exploration contributes to shedding light on Data Security Law of the People's Republic of China and its implications in today's world.
| Data Security Law of the People's Republic of China | |
|---|---|
.svg) | |
| Standing Committee of the National People's Congress | |
| |
| Citation | Data Security Law of the PRC (English) |
| Territorial extent | People's Republic of China but excludes China's Special Administrative Regions. |
| Enacted by | 13th National People's Congress |
| Enacted | June 10, 2021 |
| Commenced | September 1, 2021 |
| Related legislation | |
| National Intelligence Law, Cybersecurity Law, National Security Law (China) | |
| Summary | |
| A law is formulated in order to standardize data handling activities, ensure data security, promote data development and use, protect the lawful rights and interests of individuals and organizations, and safeguard national sovereignty, security, and development interests. | |
| Keywords | |
| Cybersecurity, National Security, Cyber sovereignty | |
| Status: In force | |
The Data Security Law of the People's Republic of China (Chinese: 中华人民共和国数据安全法; pinyin: Zhōnghuá rénmín gònghéguó shùjù ānquán fǎ; referred to as the Data Security Law or DSL) governs the creation, use, storage, transfer, and exploitation of data within China. The law is seen to be primarily targeted at technology companies which have grown increasingly powerful in China over the years. The law is part of a series of interlocking but related national security legislation including the National Security Law of the People's Republic of China, Cybersecurity Law and National Intelligence Law, passed during Xi Jinping's administration as part of efforts to strengthen national security .
Provisions
The law controversially requires data localisation of data collected by foreign and domestic entities on Chinese citizens. The law prohibits the export of data by technology companies without first the completion of a "cybersecurity review", the process of which is vague and still being developed. In addition, foreign judicial authorities are prohibited from requesting data on Chinese citizens without first seeking permission from Chinese authorities.
Article 36: The competent authorities of the PRC are to handle foreign justice or law enforcement institution requests for the provision of data, according to relevant laws and treaties or agreements concluded or participated in by the PRC, or in accordance with the principle of equality and reciprocity. Domestic organizations and individuals must not provide data stored within the mainland territory of the PRC to the justice or law enforcement institutions of foreign countries without the approval of the competent authorities of the PRC.
On September 28, 2023, the Cyberspace Administration of China (CAC) issued the draft Provisions on the Regulation and Promotion of Cross-Border Data Flows. In the draft, CAC stated no government oversight is needed for data exports if regulators haven’t stipulated that it qualifies as “important.”
Reactions
Carolyn Bigg of law firms DLA Piper Hong Kong stated that the law represents: “another important piece in the overall data protection regulatory jigsaw in China”, making it: “complex" and "increasingly onerous" for international businesses to navigate through. Chinese technology company stocks fell in reaction to the passing of the law while tech companies such as Meituan, Alibaba and Ant Financial were all placed under regulatory scrutiny prior to its passing. The law is seen to have wide-ranging implications and is seen as another step in the increasing lawfare between China and the United States in areas of trade, intellectual property and national security since the beginning of the US-China trade war which began in 2016.
See also
- Personal Information Protection Law of the People's Republic of China
- Cybersecurity Law of the People's Republic of China
References
- ^ a b "China's New Data Law Gives Xi the Power to Shut Down Tech Firms". BloombergQuint. Retrieved 2021-08-04.
- ^ "Xi Jinping's Conquest of China's National Security Apparatus". www.ifri.org. Retrieved 2021-08-04.
- ^ "China Finalizes Data Security Law to Strengthen Regulation on Data Protection". JD Supra. Retrieved 2021-08-04.
- ^ "China's New Data Law Gives Xi the Power to Shut Down Tech Firms". Bloomberg.com. 2021-06-10. Retrieved 2022-08-14.
- ^ Cheng, Evelyn (2023-10-06). "China plans to ease one of the biggest hurdles for foreign business". CNBC. Retrieved 2023-12-28.
- ^ "China Publishes Draft Rules to Ease Data Export Compliance Burden". www.wilmerhale.com. 2023-10-12. Retrieved 2023-12-28.
- ^ "Beijing to define key data that will not be allowed to leave China easily". South China Morning Post. 2021-08-02. Retrieved 2021-08-04.