Personal data security in PRC: vectors of improving legal regulation in the financial and banking sector

Author(s):  
Ella Gorian

The object of this research is the legal relations in the sphere of regulation of personal data security in the financial and banking sector of the People's Republic of China. A characterization is given of the current legislation of China (Civil Code, Personal Information Protection Law, and Cybersecurity Law) and of existing or draft bylaws in the field of personal data security. Attention is given to the second revision of the draft law on personal information protection, as well as to the determination of the institutional mechanism for ensuring personal data security. The article examines the peculiarities of regulation of relations in the sphere of ensuring personal data security in the financial and banking sector, and characterizes the role of the financial regulator in this mechanism. The development of the mechanism for personal data protection is at the completion stage; besides the adoption of the Civil Code of the People's Republic of China, which establishes the framework for regulation, two of the three special laws – Personal Information Protection Law and Cybersecurity Law – have already been adopted. The flagship law on Personal Information Protection is expected to be adopted by 2021. The aforementioned laws encompass all spheres of information security and ensure a strong data protection regime: they outline the scope of regulation, objects and subject composition, responsibility, and institutional control mechanism. The legal regime covers such aspects of relations as personal data of deceased persons, persons with reduced capabilities (due to age and health), as well as transnational data transfer. At this point, the financial and banking sector features a number of bylaws that set strict standards for ensuring personal information protection. The leading role in this mechanism is played by the financial regulator – the People's Bank of China.
The standards adopted by the People’s Bank of China require further examination, which would allow formulating recommendations for the improvement of the Russian legal system.

2021 ◽  
Author(s):  
Yurong Gao ◽  
Yiping Guo ◽  
Awais Khan Jumani ◽  
Achyut Shankar

Abstract: Data security needs a comprehensive system design approach that combines legal, administrative, and technical protection. These laws generally contain complete rules and principles relevant to the collecting, storing, and using personal information in line with international standards on privacy and data protection. Personal data should be legally collected for a specified reason and not be used without authorization for unlawful monitoring or profiling by governments or third parties. In advocacy and open data activity, increasing attention has been placed on privacy problems. To secure the protection of this data, the Privacy Law (PL) and the Regulations typically put forth industrial and technical standards on IT systems that hold and handle personal data. Concerns about information privacy are genuine, valid, and exacerbated on the Internet of Things (IoT) and Cyber-Physical Systems (CPS). This article suggests that compliance with IoT and CPS Data Privacy (DP) at technical and non-technical levels should be dealt with. The proposed architecture is then coupled with a reference framework for the business architecture to offer a DP-IoT model focused on the industry and technology and positioned to comply with the Personal Information Protection Act (POPI). Therefore, methods are necessary to protect data privacy based on both system and organizational reference designs. In the end, users should have specific rights to information about them, including the capacity and method to seek recourse to protect such rights, to acquire and amend incorrect details. The DP-IoT model shows a privacy ratio of 92.6%, scalability ratio of 91.5, data management ratio of 94.3%, data protection ratio of 96.7%, customer satisfaction rate of 92.2%, attack prevention ratio of 95.5% and energy consumption ratio of 25.5% compared to the existing methods.


2019 ◽  
Vol 15 (2) ◽  
pp. 195-213
Author(s):  
Tao Fu

By examining the privacy policies of leading Chinese Internet and information service providers (IISPs), this study found their privacy policies to be generally compliant with China’s personal information protection provisions. These IISPs use proper mechanisms showing their commitment, measures and enforcement to data security, but their Fair Information Practices need improvement. Personal information protection in China is severe. Privacy policies offer more ‘notice’ than they do ‘choice’. Chinese IISPs collect and use information extensively in the guise of providing value to users, but have given insufficient consideration to transborder data flows and change of ownership. Societal and technological mechanisms have not been widely sought.


Significance: This is the latest step in China's rapidly expanding data protection regime, building on the Data Security Law which took effect in September and the Personal Information Protection Law, which took effect in November.
Impacts: The rules will affect not just digital firms but all multinational firms that collect data from subsidiaries in China. It may sometimes be preferable to localise data analysis and circulate reports based on data rather than the raw data itself. The government will partially outsource enforcement to collective rights organisations to file class action lawsuits. Compliance costs will rise significantly, which may cause some companies to consider leaving China.


Significance: It creates a comprehensive framework for protection of all data with implications for national security. Alongside a forthcoming Personal Information Protection Law, it will have a significant impact on data protection compliance requirements for businesses, as well as on data flows between China and the outside world.
Impacts: Particular kinds of data might be categorised differently by different localities, creating compliance confusion. Multinational companies must prepare for more demanding data localisation requirements. Demand for the auditing and inspection services the law requires will drive expansion of China's domestic cybersecurity industry.


Asian Survey ◽  
2020 ◽  
Vol 60 (3) ◽  
pp. 510-533
Author(s):  
Yuko Suda

This article explores the politics surrounding the recent data transfer agreement between Japan and the European Union, with a focus on the linkage between Japanese domestic politics and foreign pressure on Japan’s personal information protection policy. The agreement may be seen as one of mutual recognition, in that Japan and the EU mutually recognized the other as providing an “adequate level of protection” for personal data. However, a close examination of the case suggests that Japan made substantial efforts to meet the EU’s standards for adequacy in order to enhance the interests of transnationalized Japanese firms that rely on the flow of personal information across borders. In sum, the latest changes in Japanese personal information protection regulation paved the way for the Japan-EU data transfer agreement; these changes were precipitated by the extraterritorial effect of the EU’s data protection laws, which had resonated within Japan’s domestic politics.

