This in-depth analysis was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee.
One cannot talk of a proper data protection regime in China, at least not as it is perceived in the EU. The international data protection fundamentals that may be derived from all relevant regulatory instruments in force today, namely the personal data processing principles and the individual rights to information, access and rectification, are not unequivocally granted under Chinese law. An efficient enforcement mechanism, also required under European standards, is equally not provided for. China has no comprehensive data protection act but several relevant sectorial laws that, under a combined reading together with basic criminal and civil law provisions, may add up to a data protection ‘cumulative effect’. This assertion is examined and assessed in the analysis that follows. A list of realistic policy recommendations has been drawn up in order to establish whether China’s recent data protection effort is part of a persistent, yet concise, policy.