Skip to main content
SpringerLink
Log in

A comparative analysis of personal data protection regulations between the EU and China

  • Published:
Electronic Commerce Research Aims and scope Submit manuscript

Abstract

The growth of e-commerce and other platforms has significantly increased the amount of personal data that is shared and submitted online; however, the adequate and secure collection and processing of these data is of great concern. With the EU’s implementation of a new data protection regulation in 2018, the development of personal data protection globally has reached an important turning point and has sparked the interest of scholars and businesses. Text coding was employed to compare the current personal data protection regulation landscape in the EU and in China to discover the differences between the General Data Protection Regulation and the personal data protection regulations of the fastest-growing economy in e-commerce. The results show that while there are several similarities in regard to general requirements, such as principles of data processing and basic rights for data subjects, China’s personal data protection regulations tend to lack specific operational requirements and strong legal enforcement. Based on the research results, implications and recommendations for the government and companies are provided.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Bennett, C. J. (2011). Privacy Advocacy from the Inside and the Outside: Implications for the Politics of Personal Data Protection in Networked Societies. Journal of Comparative Policy Analysis,13(2), 125–141.

    Google Scholar 

  2. Boston Consulting Group. (2016). Digitizing Europe. Retrieved from https://image-src.bcg.com/BCG-Digitizing-Europe-May-2016_tcm22-36552.pdf.

  3. Bowman, C., Li, Y., & Hou, L. (2017). A primer on China’s new cybersecurity law: privacy, cross-border transfer requirements, and data localization. Proskauer Retrieved 05Sept 2017 from https://privacylaw.proskauer.com/2017/05/articles/international/a-primer-on-chinas-new-cybersecurity-law-privacy-cross-border-transfer-requirements-and-data-localization/.

  4. Credit China. (2018). E-Commerce Integrity Convention. Credit China Shandong Qingdao Website, 12 June 2018

  5. Custers, B., et al. (2018). A comparison of data protection legislation and policies across the EU. Computer Law and Security Review,34(2), 234–243.

    Google Scholar 

  6. Dai, Z. (2018). Responsibility for protecting personal information of data companies: From GDPR to China. Economic Research Guide,2018(36), 17–19 (in Chinese).

    Google Scholar 

  7. Daly, A. (2018). The introduction of data breach notification legislation in Australia: A comparative view. Computer Law and Security Review,34(3), 477–495.

    Google Scholar 

  8. Datoo, A. (2018). Data in the post-GDPR world. Computer Fraud and Security,2018(9), 17–18.

    Google Scholar 

  9. Ermakova, E. P., & Frolova, E. E. (2019). Legal regulation of digital banking in Russia and foreign countries (European Union, USA, PRC). Vestnik Permskogo Universiteta-Juridicheskie Nauki,4, 606–625.

    Google Scholar 

  10. European Commission. (2018). Questions and answers on a fair and efficient tax system in the EU for the digital single market. Retrieved from https://europa.eu/rapid/press-release_MEMO-18-2141_en.htm.

  11. European Commission. (2018). The GDPR: new opportunities, new obligations. Retrieved from https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-sme-obligations_en.pdf.

  12. European Union. (2018). Digital economy and society. Retrieved from https://europa.eu/european-union/topics/digital-economy-society_en.

  13. European Union GDPR Portal. (2018). GDPR Key Changes. Retrieved from https://www.euGDPR.org/the-regulation.html.

  14. Fang, F., & Baohui, C. (2017). Development path and empirical enlightenment of EU personal information protection. Hainan Finance,2017(05), 66–71 (in Chinese).

    Google Scholar 

  15. Feng, Y. (2019). The future of China's personal data protection law: challenges and prospects. Asia Pacific Law Review,27(1), 62–82.

    Google Scholar 

  16. Gao, H. (2018). EU personal data protection practices and enlightenment. Secrecy Science and Technology,9, 53–59 (in Chinese).

    Google Scholar 

  17. Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research,59(6), 703–705.

    Google Scholar 

  18. Goncalves, M. E. (2020). The risk-based approach under the new EU data protection regulation: a critical perspective. Journal of Risk Research,23(2), 139–152.

    Google Scholar 

  19. Greenleaf, G., & Park, W.-I. (2014). South Korea's innovations in data privacy principles: Asian comparisons. Computer Law and Security Review,30(5), 492–505.

    Google Scholar 

  20. Helsper, E. J., & Reisdorf, B. C. (2017). The emergence of a “digital underclass” in Great Britain and Sweden: Changing reasons for digital exclusion. New Media and Society,19(8), 1253–1270.

    Google Scholar 

  21. Krämer, J., & Hoar, S. (2017). GDPR, Part I: History of European Data Protection Law. Mondaq, 11 June 2017, https://www.mondaq.com/unitedstates/x/643052/data+protection/GDPR+Part+I+History+of+European+Data+Protection+Law.

  22. Krämer, J., & Wohlfarth, M. (2018). Market power, regulatory convergence, and the role of data in digital markets. Telecommunications Policy,42(2), 154–171.

    Google Scholar 

  23. Lattanzi, P., et al. (2017). China's legal framework for pharmaceutical products: challenges and opportunities for EU companies. International Journal of Healthcare Technology and Management,16(1–2), 128–154.

    Google Scholar 

  24. Li, H., et al. (2019). The impact of GDPR on global technology development. Journal of Global Information Technology Management,22(1), 1–6.

    Google Scholar 

  25. Liu, X., & Gu, H. (2008). Restrictive business practices of intellectual property rights licensing and legal adjustment in different countries. Information Science,26(12), 1797–1800.

    Google Scholar 

  26. Liu, Y. (2017). The development process and reform and innovation of European personal information protection law. Jinan Journal (Philosophy and Social Sciences Edition),39(02), 72–84 (in Chinese).

    Google Scholar 

  27. Martin, N., et al. (2019). How data protection regulation affects startup innovation. Information Systems Frontiers,21(6), 1307–1324.

    Google Scholar 

  28. Martínez-Martínez, D. (2018). Unification of personal data protection in the European Union: Challenges and implications. El profesional de la información,27(1), 185–194.

    Google Scholar 

  29. Miglicco, G. (2018). GDPR is here and it is time to get serious. Computer Fraud and Security,2018(9), 9–12.

    Google Scholar 

  30. National Information Security Standardization Technical Committee. (2019). Notice on the solicitation of the national standard Information Security Technology Personal Information Security Specification (Draft). National Information Security Standardization Technical Committee official website. Retrieved 2 Jan 2019 from https://www.tc260.org.cn/front/postDetail.html?id=20190201173320.

  31. Park, B.-J. (2012). Merger control under China’s antimonopoly law: a case study. China and Sinology,15, 103–136.

    Google Scholar 

  32. Price, M.S. (2020). Internet privacy, technology, and personal information. Ethics and Information Technology.

  33. Qi, A., et al. (2018). Assessing China's Cybersecurity Law. Computer Law and Security Review,34(6), 1342–1354.

    Google Scholar 

  34. Qin, S. (2018). Research on the protection of personal information in the context of e-commerce in China. Hebei: Hebei Normal University.

    Google Scholar 

  35. Ren, Y., Cheng, F., Peng, Z., Huang, X., & Song, W. (2011). A privacy policy conflict detection method for multi-owner privacy data protection. Electronic Commerce Research,11(1), 103–121.

    Google Scholar 

  36. Rieger, A., et al. (2019). Building a Blockchain application that complies with the EU general data protection regulation. Mis Quarterly Executive,18(4), 263–279.

    Google Scholar 

  37. Ryz, L., & Grest, L. (2016). A new era in data protection. Computer Fraud and Security,2016(3), 18–20.

    Google Scholar 

  38. Sacks, S. (2018). New China data privacy standard looks more far-reaching than GDPR. Center for Strategic & International Studies, 2018.01.29. https://www.csis.org/analysis/new-china-data-privacy-standard-looks-more-far-reaching-gdpr.

  39. Saldana, J. (2009). The coding manual for qualitative researchers. New York: Sage.

    Google Scholar 

  40. STATISTA. (2019). Leading retail e-commerce markets worldwide 2014–2019. Retrieved from https://www.statista.com/statistics/377624/leading-countries-retail-e-commerce-sales/.

  41. Sullivan, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law and Security Review,35(4), 380–397.

    Google Scholar 

  42. Van Deursen, S., & Kummeling, H. (2019). The New Silk Road: a bumpy ride for Sino-European collaborative research under the GDPR? Higher Education,78(5), 911–930.

    Google Scholar 

  43. Voss, W. G., & Houser, K. A. (2019). Personal data and the GDPR: providing a competitive advantage for US companies. American Business Law Journal,56(2), 287–344.

    Google Scholar 

  44. Wolfe, R. (2019). Learning about digital trade: Privacy and E-commerce in CETA and TPP. World Trade Review,18, S63–S84.

    Google Scholar 

  45. Wu, Y. (2014). Protecting personal data in E-government: a cross-country study. Government Information Quarterly,31(1), 150–159.

    Google Scholar 

  46. Xia, S. (2018). China data protection regulations (CDPR). China Law Blog,2018(05), 20.

    Google Scholar 

  47. Xu, F., Michael, K., & Chen, X. (2013). Factors affecting privacy disclosure on social network sites: an integrated model. Electronic Commerce Research,13(2), 151–168.

    Google Scholar 

  48. Zerlang, J. (2017). GDPR: a milestone in convergence for cyber-security and compliance. Network Security,2017(6), 8–11.

    Google Scholar 

  49. Zhang et al. (2018). China's digital economy on the rise: New engine, new opportunities. Xinhua. Retrieved from 3 Jan 2018 https://www.xinhuanet.com/english/2018-03/01/c_137009083.htm.

  50. Zhang, C. (2019). China's new regulatory regime tailored for the sharing economy: the case of uber under Chinese local government regulation in comparison to the EU, US, and the UK. Computer Law and Security Review,35(4), 462–475.

    Google Scholar 

Download references

Acknowledgements

This work was partially supported by the National Natural Science Foundation of China (71974111/91646103/71473143), and the National Key Research and Development Program (2018YFC0832305).

Author information

Authors and Affiliations

  1. School of Public Policy and Management, Tsinghua University, Beijing, China

    Philip Andreas Weber, Nan Zhang & Haiming Wu

Authors
  1. Philip Andreas Weber
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Haiming Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nan Zhang.

Ethics declarations

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Appendix: Code book and output

Appendix: Code book and output

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Weber, P.A., Zhang, N. & Wu, H. A comparative analysis of personal data protection regulations between the EU and China. Electron Commer Res 20, 565–587 (2020). https://doi.org/10.1007/s10660-020-09422-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10660-020-09422-3

Keywords

Search

Navigation