China legal update: Legal News: Data Security Law (Draft) Released for Public Comment

China legal update: Legal News: Data Security Law (Draft) Released for Public Comment

Legal News: Data Security Law (Draft) Released for Public Comment

On July 3, 2020, the long-expected draft of Data Security Law (the “Draft”) was released on the website of the National People’s Congress for public comment after being submitted to the 20th meeting of the 13th Standing Committee of the National People’s Congress for deliberations.[1] The public comment period for the Draft will last until August 16, 2020 and it is expected that the Draft will be finalized within the year.

Internationally, battles over data security has intensified among major nations and protection on data security has become a major theme of the legislation. Domestically, the release of the Draft marks a step forward in establishing a regulatory framework for the protection of data security in China.

We highlight several catching contents for your reference below.

I. Applicable Scope and Extraterritorial Jurisdiction

The Draft provides that the “Data” include any record of information in electronic or non-electronic form; while the “Data Activities” include activities such as collection, storage, processing, use, provision, transaction, and disclosure.[2] However, the Draft does not reach data activities involving national secrets, personal information, and military information.[3]

Further, the Draft sets out the extraterritorial jurisdiction by providing the Draft applies to entities and persons located outside of the PRC if their data activities impair the national security, public interest, and the legitimate interest of Chinese citizens and organizations, wherever the activities occur.[4]

II. Multi-level Regulatory and Enforcement Structure

The Draft designs multi-level regulatory and enforcement structure to allocate the duty on data security protection.[5]

Due to the vagueness of the industrial and geographic boundaries involved in data activities, and the lack of guidance on enforcement, the complex structure needs further implementation guidelines in practice.

III. Enterprises’ Compliance Obligations and Legal Liabilities

Chapter 4 of the Draft dedicates to protect data safety by imposing obligations on enterprises and potential legal exposure. We hereby summarize the key compliance points in the below table:

Given that the Draft roughly delineates an outline of the regulations and obligations imposed on enterprises, and lacks the requisite operational rules and implementing mechanisms, how the data protection actually works in practice is far from clear based on the text of the Draft. Moving forward, we will keep a close eye on the development of the Draft.

NCP Outbreak: China’s Movie Theaters Back to business Soon

On July 16, 2020, China film administration announced that movie theaters in low-risk regions may resume business starting from July 20, 2020.[16]

NCP Outbreak: China’s GDP up 3.2% in Q2

On July 16, 2020, the National Bureau of Statistics of China, China’s GDP grew by 3.2 percent year-on-year in the second quarter.[17]


Asiallians will keep a close eye on the above mentioned legal news.

Should you need more details, please contact us at As always, Asiallians remains at your service and our teams are currently mobilized in all our offices in China, Hong Kong and Taipei.



2. Article 3 of the Draft

3. Article 49, 50 of the Draft

4. Article 2 of the Draft

5. Article 6, 7 of the Draft

6. Article 25 of the Draft

7. Article 42 of the Draft

8. Article 27 of the Draft

9. Article 28 of the Draft

10. Article 29 of the Draft

11. Article 32 of the Draft

12. Article 30 of the Draft

13. Article 43 of the Draft

14. Article 31 of the Draft

15. Article 44 of the Draft




Feel free to contact for more information.