What you need to know about data privacy in China
In Asia, China is becoming the region’s superpower. It cannot be denied that China’s might and power are felt globally. Its power is demonstrated in its military assets and its persuasive diplomatic relations with neighboring Asian countries, including the financial aid being extended to them.
All these and more add up to China’s strong-man posture on the international scene.
What is clear, however, is that China’s President Xi Jinping is so ambitious that he wants China’s power extended even to countries perceived to be allies of another superpower: the United States of America.
Recently, China and the US were locked in a bitter trade war over the imposition of tariffs on products. The dispute took a “tit-for-tat” approach that prompted the US to ban telecommunications giant Huawei from doing business in the US’ backyard. Silicon Valley companies like Google and Intel also ganged up against Huawei.
The 18-month long trade war between China and the US was highlighted in the recently concluded Group of 20 (G-20) summit held in Japan. US President Donald Trump and China’s President Xi Jinping discussed the trade talks and vowed to hold off, for the time being, on the imposition of tariffs on imports.
But analysts said that the recent developments in the stalled trade talks between China and the US were just temporary. They said that these wouldn’t offer any long-term solutions, as global markets tend to be bullish despite the shaky trade talks between the two superpower countries. One thing is clear though: China wants to demonstrate its dominance in Asia.
The US’s move to block Huawei has dealt a damaging blow to the company’s image as the leading telecommunications giant in Asia and elsewhere around the globe. However, this prompted Huawei and, by extension, China to craft and adopt new systems and approaches for their business trade, especially in the technological aspect.
Dominance in technology
We’ve seen China slowly rising and dominating the business trade in technology. Those antagonized by China’s dominance in technology would describe the country as a hotbed of piracy. But China is also home to the biggest and most innovative tech companies, producing services and products on par with the US’ Silicon Valley.
For instance, a report from Kleiner Perkins Caufield & Byers, a venture capital firm, has identified at least five software companies in China that were among the world’s top 20 technology firms in 2018. In no particular order, these were Xiaomi, Baidu, Alibaba, Tencent, and China Mobile.
Kleiner Perkins Caufield & Byers also noted that China’s software companies doubled from 2009 to 2014. Apart from this, China is also producing an estimated 100,000 software engineers annually. With China’s aggressive growth and dominance, it is expected that tech companies in the US would remain “critical” while toying with the “privacy and spying issue.” Now, this raises the question: Will communist China, already an economic power, bow down to the US?
In China’s own backyard, data privacy is a debatable issue that requires a national conversation between its people and policymakers. China has actually crafted a policy to effect what it calls a data protection regulatory system. This system has the end goal of protecting Chinese consumers from American tech companies that tend to spy on the Chinese government and its people.
It can be recalled that on February 1 this year, China made revisions to its Personal Information Security Specification. The national standard revisions were said to be open to public scrutiny. On the following day, China’s Cyber Security Review Technology publicly announced that some companies complied with the certification standard set by the Certification Center. The agency said the new standards aim to address the issue of privacy hounding various tech companies.
China’s national standards on information security technology
In May, China released the new standards for its P1 Specifications. This newly revised standard is now considered to be the de facto standard for handling data protection. The Chinese government said that the new Personal Information Security Specification would be in harmony with the country’s cybersecurity law and the consumer protection law.
China is now enforcing the P1 Specifications. The new de facto standard covers the data, data transfer, data anonymisation, access to personal information, requests to copy or delete personal information, data breach notification, and the role and function of the data controller. This includes the system that involves the processing of personal information, details on explicit consent, and assessment of the security impact of personal information, among others.
Apart from tech companies, the new standard also covers companies that have something to do with Chinese intellectual property and other professional employer organizations.
A big change in 2019
Both the data security law and the personal data protection law have been on lawmakers’ radar since 2018. From there, the public is expecting to see a refreshed data protection law in 2019 despite the existence of China’s draft of the controversial law a decade ago. It can be recalled that it was academia that drafted the first law on personal data protection, modeled after the 95 EU directive on data protection.
This raises the question: Is it worth waiting to see these changes imposed? Policymakers should focus on the revisions that would be made in China’s data security law. They should also differentiate between the two controversial laws.
It is worth noting that policymakers should take into consideration the “scope and concept” vis-a-vis the relevance of the data in Beijing’s CSL. This is because such an issue has yet to be clarified. Many believe that this would be tackled by the data security law.
With the anticipated provisions of the data protection law, China is expected to publicly issue the implementation rules of the country’s CSL this year. Among the regulations expected to be implemented are those on data security and the cybersecurity multiple-level protection system, among others.
As part of the big change expected in data protection compliance, several companies doing business in China are enjoined to prepare for the following:
Regulators are expected to request from companies a list of what they describe as an “inventory of processing activities.” The requirement marks the beginning of a probe initiated by law enforcement agencies. All these and more are expected once the fresh documentation requirement contained in the National Standard takes effect.
Safeguards from other countries, and especially from the EU, could still be applied for the same processing activity. However, regulators must be able to identify the safeguards, as they also require consent as part of the balancing test. Regulators are also keen to demand from various multinational companies tailor-fit policies that are translated into the Chinese language. They further warned that privacy policies stated in English would be perceived as “unintelligible” by Chinese consumers.