China publishes second drafts of key data laws

Mainland China released the second drafts of two of the most important pieces of forthcoming cross-industry legislation last week for a one-month public consultation: the Personal Information Protection Law and the Data Security Law.

In a market where the digital economy reportedly underpinned almost 40% of GDP in 2020, data flows are becoming increasing influential for business and everyday life. These second drafts reflect mainland Chinese regulators’ increased supervision and enforcement of data security and management in industry and beyond, as well as an acknowledgement that technological innovation is a must to continue to drive a post-pandemic economy.

As most laws promulgated in mainland China undergo no more than three readings before being finalised for launch, the current forms of the Personal Information Protection Law and the Data Security Law give a strong indication of the main principles that will be contained in the final versions of these key data laws. This alert seeks to highlight some of the key revisions between the first and second drafts of these laws that will be of interest to businesses operating in and with mainland China, as well as some of the main issues left unresolved on which businesses still require further rules or guidance from the relevant regulators.