A history of data protection in China

Data protection in China has notoriously lagged well behind its economic rivals in the West. Before 2008, the state announced a range of administrative restrictions around data protection – but in truth, these had a greater focus towards protecting ‘state interest’ rather than the interests of civilians.

The decision on strengthening internet information

But in December 2012, the National People’s Congress in China rolled out its first proper data security proposal: the Decision on Strengthening Internet Information. Although this proposal didn’t take the form of formal legislation, it contained 11 general principles that dictate how individuals and businesses should handle the electronic data of citizens in China.

The Decision stipulated that collecting and using personal data must be “legitimate, proper and necessary” – language that’s very similar to the “transparency, legitimate purpose (and) proportionality” that’s the bedrock of the EU’s Data Protection Directive.

Legislation in China since the Decision

Since the Decision, regulations have been rolled out in China which add legal weight to its stipulations. Another significant development saw heavy punishments being introduced for consumer data breaches. Companies that are at fault for consumer data breaches will have to pay compensation and damages as directed by civil law, but could also have to rectify breaches, pay large fines or even close the business.

Experts anticipate more legislation to rubber stamp the general ethos of the Decision, although this is yet to be formally announced.

The difference between China and the West

The main contrast between data protection in China and the EU comes when you contrast the two sovereignty’s ‘base’ directives: the NPC’s Decision and the European Data Protection Directive (EDPD). The EDPD is an all-encompassing legislative base, while the Chinese Decision is more of a general ‘framework’ of best practice.

Because there is no systematic, national data protection law that means there are plenty of legal grey areas and contradictions in Chinese data protection law. Similarly, there’s no dedicated agency or regulator that’s tasked with consumer data protection – responsibilities are spread between various authorities.

China also doesn’t have a treaty the EU or any other authority like the EU-US safe harbour framework which protects consumers’ data against foreign businesses.

The importance of proper data protection in China

China’s unsophisticated data protection legislature and unsafe security history, coupled with a growing desire from the state to sharpen personal security, means that it’s more important than ever for businesses in the country to treat data security with the utmost respect.

Minimising the risks associated with compliance, as well as staying safe from an unsophisticated legal infrastructure, means that businesses need completely secure Chinese file sharing solutions.

 Data residency solutions

The best option for businesses in China is a cloud-based file transfer option that enjoys Chinese data residency, while maintaining the highest level in data security standards. Maytech’s FTP-Stream China platform enjoys data residency in Hong Kong – allowing organisations to get unfettered access to The People’s Republic while side-stepping many of the legislative and security issues.

Read more: