Thursday, 20.06.2019, 17:10

The Impact of the EU's New GDPR in China

Responsible author: Carlo Marino, Rome, 14.06.2018, 09:08
News/Report: +++ Economy and Finance +++ Report read 5022 times

Rome [ENA] The GDPR (General Data Protection Regulation) represents the most radical change to data-privacy law in 20 years. By the letter of the law, every company subject to the GDPR faces huge fines. The institutions of the European Union passed the GDPR in May 2016, and in November of the same year the National People’s Congress of the People’s Republic of China passed the Cybersecurity Law of China, which entails both data protection and cybersecurity.

China’s set of data protection provisions is wide-ranging and includes several legal texts, such as the Administrative Measures for Online Trading for e-commerce, the Administrative Provisions on Short Message Services for SMS and the Provisions on Protection of Personal Information of Telecommunication and Internet Users for the telecom industry, all of which exist alongside general data protection laws such as the Cybersecurity Law of China.

The GDPR makes explicit that a company situated outside of the EU that offers “goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union,” can become subject to the obligations of the GDPR, which gives the regulation an extraterritorial effect. In contrast, the principle of cybersovereignty on which the Cybersecurity Law of China is established is mirrored in the territorial scope of the Chinese law, which under Article 2 is strictly limited to the “territory of the People’s Republic of China.”

Given this contrast, it is possible to conclude that companies located solely in China and doing business in China and the EU should comply with both the Chinese law and the GDPR, while companies located solely in the EU would be bound only by the GDPR. GDPR’s Article 3 means that anyone, wherever in the world, who processes personal information on behalf of an EU controller is directly targeting EU citizens and needs to be cautious of the GDPR. Until June 2018, Hong Kong had no problem with exposing private information online. The government carried out only five prosecutions under the Personal Data (Privacy) Ordinance up to 2016 for cases containing complaints in Hong Kong.

That number may increase dramatically if the Privacy Commission for Personal Data works with EU authorities by helping to collect fines imposed by EU authorities. Hong Kong companies cannot send data to the EU without adding words to contracts that the EU approves. Fines can range from HK$195 million to 4% of world-wide profits (depending on which value is higher). The GDPR represents something more important for Hong Kong than just more regulation. Most Hong Kong companies will follow the GDPR, even though it is more stringent than the Data Protection Ordinance. China has its own Cybersecurity Law and the even more stringent Information Technology - Personal Information Security Specification.

The Specification, in particular, requires all kinds of encryption and encoding of customers’ and others’ information. Hong Kong continues to work out its “One Country, Two Systems” formula toward 2047. The GDPR has extraterritorial reach, so it will apply also to Taiwan businesses that offer goods or services to people in the EU, even if those goods or services are only being provided online and the company has no physical presence in the EU.

Under the GDPR, EU resident data can only be processed (i.e., collected, stored, or transmitted) if there is a lawful basis for doing so. As of June 4, 2018, the government of the Republic of China (ROC) has expressed willingness to obtain adequacy certification under the EU’s GDPR to get the highest standard of privacy protection for citizens. The fact that Taiwan companies must undertake the task of identifying the lawful basis for processing, such as the performance of a contract or consent from the EU resident, is also a way to draw the world’s attention to the disputed Republic of China, which wants to identify itself as a Western-style democracy.

The author is responsible for the article and also holds the copyright. Editorial content from European-News-Agency may be quoted on other websites if the quotation makes up no more than 5% of the full text, is marked as a quotation, and the source is named (linked).