The future of China’s personal data protection law: challenges and prospects

Abstract

On 10 September 2018, the Standing Committee of the National People’s Congress of China updated its legislative agenda and planned to enact a comprehensive data protection law by March 2022. This Plan would end the longstanding speculation among Chinese scholars and foreign observers about the direction of China’s data protection regime. Nevertheless, whether such a law can be enacted on time remains uncertain. This article examines the current challenges to the creation of a workable data protection law in China. The main challenges are related to the hasty implementation of the information and communications technology (ICT) development strategies, the current weak legal framework and the unprepared scholars and lawmakers. This article concludes that the enactment of a data protection law is not an easy task. This task is likely to be delayed, suspended, or proved to be a failure if the aforementioned obstacles are not resolved properly. Finally, to provide meaningful data protection, this article provides four basic policy and legal recommendations: (1) pay more attention to protecting individuals’ personal data against unreasonable use by industry and government; (2) cautiously learn from legislative experience of western countries; (3) explore the best practices under Chinese contexts; and (4) enforce the protection rules in a more meaningful manner.