
Comparison Between Global Data Security Laws – China PIPL, EU GDPR, And US Data Laws

Daniel Cantorna / 6 min read.
December 6, 2021

The activation of the Personal Information Protection Law (PIPL) adds another layer of complexity concerning compliance with China’s data security laws. We expect that further details will be set out in regulations and practical guidance in the future. This law, which came into effect recently on 1 November 2021, has changed business dealings in and around China.

The General Data Protection Regulation (GDPR) was passed by the European Union and has been in effect since 25 May 2018. The GDPR is the most comprehensive privacy and security law in the world. But how does this compare to the PIPL and the privacy laws adopted by the US for privacy protection?

It is important to note and compare how these laws differ and draw parallels. A comparison will allow us to assess how we interact and do business with these countries. In this article, I will outline these laws and navigate how this will affect day-to-day dealings with these countries.

The United States lacks one law that envelops the privacy of all types of data. Instead, it has a combination of various elements that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA. The data collected by the vast majority of products people use every day isn’t regulated. Each state’s draft data privacy law looks different, some with prior consent requirements akin to the EU’s GDPR. Some have larger scopes and others have exemptions by sector.

The necessity for data protection laws

In the modern global economy, data is one of the most valuable resources to businesses. Companies use data to understand customers and personalise experiences to build deeper relationships which in turn increase profits. While the use of data is optimised when it freely flows across borders, many countries have been formulating privacy measures making the transfer of data across borders more complicated, expensive, and time-consuming. Some activities, at a broader level, may even become illegal.

Data protection legislation prevents data from being misused or traded, sold, or leaked to third parties that may use it for purposes different to the consent given by the customers when it was collected. The most common data elements that businesses collect may include your name, address, emails, contact telephone numbers, and bank and credit card details. Protecting this information is both an ethical and, more importantly, a legal requirement in most countries, and businesses must take considerable measures to protect the data they collect.

Data protection laws contain a set of principles that organisations, governments, and businesses have to adhere to in order to ensure people’s data is accurate, safe, secure, and lawful.

These principles ensure data is:

  • Only used in specific processes
  • Not stored for longer than necessary
  • Used only in relevant ways
  • Kept safe and secure
  • Used only within the confines of the law
  • Not transferred out of the legal jurisdiction it was collected in without consent
  • Stored following data protection rights

Timeline of information security laws enhancement in China

Since the enactment of the Cybersecurity Law (the CSL) in June 2017, Chinese Regulators have launched a series of enforcement actions involving a cybersecurity review against some internet companies. The enforcement actions brought data security into the spotlight.

In September 2021, the Chinese government stepped up its enforcement efforts on data security governance by introducing the Data Security Law (DSL) to provide additional data protection on top of cyberspace governance.

The Personal Information Protection Law (PIPL) has mirrored certain provisions of the GDPR and jointly built up a strict regulatory regime for privacy protection, data security, and network security in China. The GDPR acted as a benchmark for international judicial practice.

Key similarities and differences between PIPL and GDPR

While the PIPL employed the GDPR as a benchmark for the data privacy framework, there is no single principal data protection legislation in the United States. A jumble of hundreds of laws enacted on both the federal and state levels serves to protect the personal data of United States residents.

Here is a comparison of the general ways in which these data laws differ and the similarities between them:



Consent

Cross-border Data Transfer:

The PIPL has some elements in common with the GDPR regarding the cross-border transfer of personal information. However, it also has some additional requirements. The GDPR requires that an adequate level of protection is ensured, with appropriate safeguards implemented through Standard Contractual Clauses (SCC), Binding Corporate Rules, etc. The PIPL goes beyond this by implementing data localisation. In essence, this means that the PIPL requires a controller of large-scale personal data or a critical information operator to store personal data within China. Cross-border transfers above a certain threshold are subject to a security assessment by the Cyberspace Administration of China (CAC).

Data Protection Impact Assessment (DPIA):

Under the GDPR, a DPIA is required when the processing is high-risk in nature. The PIPL requires a DPIA to be performed whenever there is a transfer of data overseas and when using third-party processors. In the United States, the DPIA is a compliance requirement.

Rights of Individuals:

With regard to the GDPR, people have the right to access, correct, erase, and object to processing, subject to any automated decisions concerning data provided. The PIPL provides the same rights but includes additional rights, including requesting handlers to explain their handling rules. The rights can be exercised beyond death by close relatives of the deceased.

Sensitive Personal Information:

The GDPR and PIPL both protect biometric data, religious information, and health-related data. The GDPR also protects trade union membership details, genetic data, and sexual orientation. The PIPL instead protects personal financial accounts, personal information of minors under the age of 14, and so on.

Data Breach Notification:

The GDPR controller will, in the case of a personal data breach, notify the personal data breach to the supervisory authority competent in accordance with Article 55 not later than 72 hours after having become aware of it. The PIPL imposes immediate mandatory reporting of data breaches to the relevant authority on a personal information handler.

Legal Liabilities:

The GDPR punishes non-compliance with a fine of up to €20 million or up to 4% of the total worldwide annual turnover of the preceding financial year. The PIPL punishes non-compliance with fines of up to RMB 50 million (approximately €6 316 830) or up to 5% of the prior year’s revenue.

Data protection in the United States

Because there is no particular law in the United States, it is imperative to inspect their current laws separately by comparing them to data protection laws that China and the European Union have imposed on their territory.

Data privacy is not highly legislated or regulated in the U.S. The access to private data contained in, for example, third-party credit reports may be sought when seeking employment or medical care. Although some regulations exist, there is no all-encompassing law regulating the acquisition, storage, or use of personal data.

Whoever obtains the data is deemed to own the right to store and use it, even if the data was collected without permission. Exemptions on this content are regulated by laws and rules such as the Federal Communications Act’s provisions, and implementing rules from the Federal Communications Commission.

Some examples of data privacy laws in the United States are:

  • Children’s Online Privacy Protection Act (COPPA): governs the collection of information about minors (children 13 years and younger).
  • Health Insurance Portability and Accountability Act (HIPAA): governs the collection of health information.
  • Fair Credit Reporting Act (FCRA): regulates the collection and use of credit information.
  • Gramm-Leach-Bliley Act (GLBA): governs personal information collected by banks and financial institutions.

According to Osano, a corporate privacy supplier in the U.S., the U.S. has hundreds of sectoral data privacy and data security laws among its states. The state attorneys general oversee data privacy laws governing the collection, storage, safeguarding, disposal, and use of personal data collected from their residents, especially regarding data breach notifications and the security of Social Security numbers. Some apply only to governmental entities, some apply only to private entities, and some apply to both.

Outcomes of the Comparison: GDPR, PIPL, and US Data Privacy Laws

When comparing the GDPR and PIPL, one can draw a few parallels between the privacy laws in place. The biggest similarity is that each is a single law in itself. The US, although having some similarities with both, doesn’t have one defining law to compare to.

The GDPR and PIPL have all-encompassing laws making it easier to govern and having clearly defined bodies in place to monitor any breaches of these data rules.


About Daniel Cantorna

Daniel Cantorna, Vice President, Professional Services, EMEA, Collinson. Daniel is the Vice President of Professional Services within Collinson’s EMEA team, a global leader in loyalty and benefits, and traveller experiences. Holding over 15 years of experience in consulting, product development, system integration, automation and gamification, Daniel is passionate about delivering customer-centric solutions and services that help Collinson clients build meaningful, enduring and increasingly valuable relationships with their customers. Daniel has worked extensively with marketing, automation, integration, business intelligence and advanced analytics for global enterprise organisations across sectors including technology, aviation, hospitality, luxury and retail.
