China Economic Bulletin | No. 19–22 (15 August 2022)
Recent Developments of Data Governance in China and Implications for Foreign Investment
Authors: Jasper Habicht, Isabeau Höhn, Jessica Köhler
Introduction
The People’s Republic of China has introduced a comprehensive framework on data protection, data security and data management over the last few years. Already in 2017, the Cybersecurity Law entered into force laying out the legal basis for the handling of digital data. Following the enactment of the European General Data Protection Regulation in 2018, a new Civil Code and laws on the protection of personal data as well as on data security were enacted in 2020 and 2021.
At the same time, at least since 2014, the People’s Republic has gradually implemented a Social Credit System that aims to evaluate the credibility of enterprises and citizens. Such a system naturally generates massive amounts of data. At a first glance, the parallel development of the data-intensive Credit System with its complex and decentralised structure stands in stark contrast to the creation of a legal framework that aims to regulate and protect flows of information and data.
This paper aims to carve out implications for enterprises doing business with China of current regulations and policies of both the Social Credit System and the development of the various legal norms that aim to secure and protect the handling of data. By analysing the background and development of these regulations and policies, this paper also touches upon the complex relation between the protection of personal data and storage of huge amounts of data in the context of the Social Credit System and identifies certain tendencies of policy transfer between China and the world. This paper, however, cannot in depth elaborate on this multifaceted relationship and rather aims to provide an impetus for further scientific analysis.
This paper in its first part explains definitions and concepts that are important for the understanding of the following analyses of data security, data protection and social credit frameworks. It does so by briefly recalling the development of cybersecurity policy and legislation in China. We then proceed with analysing the development of the legal framework of protecting personal data by comparing the relevant Chinese norms against European standards. In the next part, we examine the Chinese Corporate Social Credit System by focusing on its application on corporate entities and looking into the development of its normative framework that is rooted in experimental legislation. In an excursus, this paper highlights certain aspects of policy and norm transfer between China and the world. Finally, this paper sums up the findings regarding the background of the development of policies and regulations concerning data security, data protection and social credit handling as well as relevant implications for enterprises in a conclusion.
Log in as DCW member to read the full issue
Learn how to become a DCW member (in German)
Contents
- Introduction — CEB No. 19
- Cybersecurity in China: Departing from Established Standards? — CEB No. 19
- Early developments of cybersecurity in China
- The Chinese and the European approach to cybersecurity
- The legal framework on cybersecurity in China
- Practical implications for enterprises doing business with China
- Protection of Personal Information in China: Towards a Rival to European Standards? — CEB No. 20
- Early developments: Privacy as predecessor of protection of personal information
- The Cybersecurity Law: Data security as a proxy for the protection of personal data
- The Civil Code and the Personal Information Protection Law: Towards a right to informational self-determination?
- Implications of the latest legal revisions for cross-border activities
- The Chinese (Corporate) Social Credit System: From Experimentation towards a Policy Model for the World? — CEB No. 21
- Where does the social credit system come from?
- Policy experimentation in times of top-level design
- Fragmented and inconsistent regulation
- Implications for German businesses
- Policy Transfer in the Context of Chinese Data Governance: Multilateral Influence with Chinese Characteristics? — CEB No. 22
- Conclusion — CEB No. 22
Log in as DCW member to read the full issue