Implications of New Chinese Legislation for Data and Cybersecurity

June 05, 2019 | BY

Marilyn Romero

China's latest draft measures should better regulate data protection and cybersecurity, but they could also result in the exclusion of some foreign firms.

Data privacy Data privacy

At the end of May 2019, China's internet regulator, the Cyberspace Administration of China, or CAC, issued a draft data security regulation for feedback from industry stakeholders. The proposed law is intended to give customers more control over how their personal information is collected and used.

The draft regulations lay out specific rules regarding what can or cannot be done by internet companies in their collection and usage of customer data. Explicit labeling needs to be provided on customized content that uses personal data, such as advertising and news feeds. Network operators are also required to avoid forcing or misleading users to agree to the collection of their personal information on such pretexts as improving service quality or enhancing user experience.

The regulation applies to the network-based collection, storage, transmission, processing, and use of data, as well as data security protection and supervision in the country. It also requires operators to take immediate actions in the event of personal information leakage or when data security risks increase significantly.

This premium content is reserved for
China Law & Practice Subscribers.

  • A database of over 3,000 essential documents including key PRC legislation translated into English
  • A choice of newsletters to alert you to changes affecting your business including sector specific updates
  • Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected]