China Data Security Law

NZZ 出了一篇報導,順手也把提供給 NZZ 記者的文字貼上來:

  • I agree that other relevant laws will be applied here to handle what article 2 said “in accordance with law”, since I can not find related concrete penalty articles (maybe article 51 or 53? but both of them do not mention the concrete penalty )  in DSL which might be taken to handle abroad data activities.

    I guess other relevant laws like the “Criminal Code” or other administrative regulations will be applied here.

    Therefore, article 2(2) itself would be just a claim, i.e., through the article, the Chinese government clearly stresses that they will include abroad data activities into their punishment list.

    But what will not be changed is that the Chinese government never tries to clarify the scope of “national security.” Therefore, although article 2(2) can be viewed only as a statement or claim (or even a “threat” to me), it will more justify, no matter domestic or abroad, any punishment towards abroad data activities in the future, due to the law has already “clearly stated”.

    And thanks to your remind, I think of the Taiwanese case “Lee Ming-Che(李明哲)”. I think after DSL, a similar case would be more common than now, and harder to fight back.

  • I agree that some data will be transfer through mutual legal assistance agreement. But DSL reserve the complete power for the Chinese government to decide whether any data in China’s territory should be transferred to the foreign law enforcement department.

    It’s again a practice based on the “data localization” which has already asked by the Chinese government after Anti-terrorism Act and NSL.

    I think this kind of power is not a common practice now in the world, for example, you can check Google’s transparency report, they list the “diplomatic legal requests”, but the number is quite small compared to the number of total data requests they received. That means, the company can decide whether they want to cooperate with a government or not.

  • I agree with Bloomberg’s assessment about DSL will authorize Xi to shut down tech firm, but I also agree with the analyst said these kinds of provisions are just standard practice in Chinese law.

    In article 45, 46, 47, 48 of DSL, those provisions authorize the administrative body to shut down different kinds of companies (don’t have to be tech company due to the definition of “data” both include electronic and non-electronic record) if they “seriously” violate the related regulations (although it seems that DSL do not define what is “serious”). At least, as far as I know, similar wordings or punishment could also be found in the Cybersecurity Law (article 61, 62, 64), Anti-Terrorism Act (article 93), and the Draft of Personal Information Protection Act (article 62).  I think the Chinese government is trying to legalize the power for shutting down any company in China territory when necessary through different kinds of legislation.


  • I do believe “the central national security leadership agency” in Art. 5 refers to the Central National Security Commission (CNSC), but I don’t think this body’s role is strengthened. I think CNSC already plays the same role in National Security Law (NSL).

    CNSC has already be assigned a quite similar role in NSL since 2015. And both NSL and DSL are followed the “holistic view of national security (總體國家安全觀)”, which is a view showing that everything can be related to national security. That means DSL can be viewed as a jigsaw for achieving the “holistic view of national security”. In this sense, conceptually but not legally, I think DSL only can be viewed as a more detailed regulation under NSL, and through DSL, CNSC knows how to practice more detail to achieve the holistic view of national security.


  • Basically Art. 26 can be viewed as a measure to counter the U.S. sanction against China tech firms, but the effect can be broader. This article did not define what is “discriminatory measure”, and therefore can be treated as a bargaining chip to any country trying to sanction Chinese tech entities. Since China is such a big market, it’s hard for any country to give up this market. I personally think this article leads to some very bad consequences for a specific country’s economy, human rights, national security. What I’m most afraid of is that other countries will follow this kind of legislation, therefore encourage/increase Internet fragmentation.


  • I think DSL will make more data open, but I don’t think the Chinese government is genuine about opening government data, especially for the data needed to supervise the central government.

    Indeed, DSL in article 41 & 42 said the government should open their data, and establish an open data catalog, but there still remain lots of problems. For example, DSL does not mention whether the open data catalog itself would be open or not, DSL also does not mention the criteria to decide whether the data can be open or not.