An irrefutable violation of China’s privacy policy is that it does not restrict the government from accessing the information of its citizens. Chinese residents will remain one of the most enlightened in the world. “The Chinese government is the biggest threat to anyone’s privacy, and I don’t know if they would be affected,” said Omer Tene, an expert on information, privacy, and online security at Goodwin’s law firm.
The PIPL differs from other data laws in that it reflects the national political goals that achieve this. “If European security laws are based on fundamental rights and US privacy laws are based on consumer protection, China’s privacy laws are more closely aligned, and I would say, national security,” Tene said.
Instead, PIPL promotes the requirement of Chinese law on cyber security that companies store their information within China. Telecoms, transportation, financial companies, and other organizations that are considered to be the most important people to do so. But this now applies to any company that collects information from other people, anonymously. Following the departures of Yahoo and LinkedIn, Apple is now one of the world’s leading leading companies based in China. To secure its place in the lucrative market, Apple has already made a splash widespread acceptance of the Chinese government. At this stage, it is unclear how PIPL will be affected Apple Business in China.
Companies that want to share information outside of China should also look at national security, says James Gong, a Chinese partner at the law firm Bird & Bird. Set aside direction translated by DigiChina suggests that many companies will be subject to national security surveillance, including those that export “essentials” abroad. Companies that have data on over one billion people and want to send information abroad will also face comments. Any accredited company operating in and out of China may be excluded from this review.
As part of security comments, companies are required to provide an agreement between themselves and an external partner who receives the information and completes their self-assessment. This includes explaining why data is being exported from China, the types of information being sent, and the risks involved. Combining all of this could lead to uncertainty for companies doing business in China, Gong says. “They should also consider changing their businesses, their management, IT systems and the costs they face.”
While PIPL should pressure Chinese domestic companies to change the way data is used it will also affect many data laws around the world; there is a big difference between that, the GDPR, and the US privacy policy – the black list in particular. “These are political issues,” said Lee. “These results are not reflected in any of the privacy statements around the world.”
A key issue for China’s privacy policy – as well as its security, political reforms – could be the attraction of other countries still developing their own data protection policies, or rewriting them in the digital age. “We are concerned that some Asian countries may follow China’s policy of secrecy,” Lee said. “We already see, for example, the Indian and Vietnamese secret documents having methods like this.”
Some of the Best WIRED Stories