The Data Protection Regime in China
This in-depth analysis by the Brussels Privacy Hub was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Aff airs at the request of the LIBE Committee. It is first volume no. 4 working paper and written by Prof. Paul de Hert and Dr. Vagelis Papakonstantinou, from the Vrije Universiteit Brussel, VUB
The authors state that one cannot talk of a proper data protection regime in China, at least not as it is perceived in the EU. The international data protection fundamentals that may be derived from all relevant regulatory instruments in force today, namely the personal data processing principles
and the individual rights to information, access and rectifi cation, are not unequivocally granted under Chinese law. An efficient enforcement mechanism, also required under European standards, is equally not provided for. China has no comprehensive data protection act but several relevant sectorial laws that, under a combined reading together with basic criminal and civil law provisions, may add up to a data protection ‘cumulative effect’. This assertion is examined and assessed in the analysis.
A list of realistic policy recommendations has been drawn up in order to establish whether China’s recent data protection effort is part of a persistent, yet concise, policy.