Abstract
The growth of e-commerce and other platforms has significantly increased the amount of personal data that is shared and submitted online; however, the adequate and secure collection and processing of these data is of great concern. With the EU’s implementation of a new data protection regulation in 2018, the development of personal data protection globally has reached an important turning point and has sparked the interest of scholars and businesses. Text coding was employed to compare the current personal data protection regulation landscape in the EU and in China to discover the differences between the General Data Protection Regulation and the personal data protection regulations of the fastest-growing economy in e-commerce. The results show that while there are several similarities in regard to general requirements, such as principles of data processing and basic rights for data subjects, China’s personal data protection regulations tend to lack specific operational requirements and strong legal enforcement. Based on the research results, implications and recommendations for the government and companies are provided.
Similar content being viewed by others
References
Bennett, C. J. (2011). Privacy Advocacy from the Inside and the Outside: Implications for the Politics of Personal Data Protection in Networked Societies. Journal of Comparative Policy Analysis,13(2), 125–141.
Boston Consulting Group. (2016). Digitizing Europe. Retrieved from https://image-src.bcg.com/BCG-Digitizing-Europe-May-2016_tcm22-36552.pdf.
Bowman, C., Li, Y., & Hou, L. (2017). A primer on China’s new cybersecurity law: privacy, cross-border transfer requirements, and data localization. Proskauer Retrieved 05Sept 2017 from https://privacylaw.proskauer.com/2017/05/articles/international/a-primer-on-chinas-new-cybersecurity-law-privacy-cross-border-transfer-requirements-and-data-localization/.
Credit China. (2018). E-Commerce Integrity Convention. Credit China Shandong Qingdao Website, 12 June 2018
Custers, B., et al. (2018). A comparison of data protection legislation and policies across the EU. Computer Law and Security Review,34(2), 234–243.
Dai, Z. (2018). Responsibility for protecting personal information of data companies: From GDPR to China. Economic Research Guide,2018(36), 17–19 (in Chinese).
Daly, A. (2018). The introduction of data breach notification legislation in Australia: A comparative view. Computer Law and Security Review,34(3), 477–495.
Datoo, A. (2018). Data in the post-GDPR world. Computer Fraud and Security,2018(9), 17–18.
Ermakova, E. P., & Frolova, E. E. (2019). Legal regulation of digital banking in Russia and foreign countries (European Union, USA, PRC). Vestnik Permskogo Universiteta-Juridicheskie Nauki,4, 606–625.
European Commission. (2018). Questions and answers on a fair and efficient tax system in the EU for the digital single market. Retrieved from https://europa.eu/rapid/press-release_MEMO-18-2141_en.htm.
European Commission. (2018). The GDPR: new opportunities, new obligations. Retrieved from https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-sme-obligations_en.pdf.
European Union. (2018). Digital economy and society. Retrieved from https://europa.eu/european-union/topics/digital-economy-society_en.
European Union GDPR Portal. (2018). GDPR Key Changes. Retrieved from https://www.euGDPR.org/the-regulation.html.
Fang, F., & Baohui, C. (2017). Development path and empirical enlightenment of EU personal information protection. Hainan Finance,2017(05), 66–71 (in Chinese).
Feng, Y. (2019). The future of China's personal data protection law: challenges and prospects. Asia Pacific Law Review,27(1), 62–82.
Gao, H. (2018). EU personal data protection practices and enlightenment. Secrecy Science and Technology,9, 53–59 (in Chinese).
Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research,59(6), 703–705.
Goncalves, M. E. (2020). The risk-based approach under the new EU data protection regulation: a critical perspective. Journal of Risk Research,23(2), 139–152.
Greenleaf, G., & Park, W.-I. (2014). South Korea's innovations in data privacy principles: Asian comparisons. Computer Law and Security Review,30(5), 492–505.
Helsper, E. J., & Reisdorf, B. C. (2017). The emergence of a “digital underclass” in Great Britain and Sweden: Changing reasons for digital exclusion. New Media and Society,19(8), 1253–1270.
Krämer, J., & Hoar, S. (2017). GDPR, Part I: History of European Data Protection Law. Mondaq, 11 June 2017, https://www.mondaq.com/unitedstates/x/643052/data+protection/GDPR+Part+I+History+of+European+Data+Protection+Law.
Krämer, J., & Wohlfarth, M. (2018). Market power, regulatory convergence, and the role of data in digital markets. Telecommunications Policy,42(2), 154–171.
Lattanzi, P., et al. (2017). China's legal framework for pharmaceutical products: challenges and opportunities for EU companies. International Journal of Healthcare Technology and Management,16(1–2), 128–154.
Li, H., et al. (2019). The impact of GDPR on global technology development. Journal of Global Information Technology Management,22(1), 1–6.
Liu, X., & Gu, H. (2008). Restrictive business practices of intellectual property rights licensing and legal adjustment in different countries. Information Science,26(12), 1797–1800.
Liu, Y. (2017). The development process and reform and innovation of European personal information protection law. Jinan Journal (Philosophy and Social Sciences Edition),39(02), 72–84 (in Chinese).
Martin, N., et al. (2019). How data protection regulation affects startup innovation. Information Systems Frontiers,21(6), 1307–1324.
Martínez-Martínez, D. (2018). Unification of personal data protection in the European Union: Challenges and implications. El profesional de la información,27(1), 185–194.
Miglicco, G. (2018). GDPR is here and it is time to get serious. Computer Fraud and Security,2018(9), 9–12.
National Information Security Standardization Technical Committee. (2019). Notice on the solicitation of the national standard Information Security Technology Personal Information Security Specification (Draft). National Information Security Standardization Technical Committee official website. Retrieved 2 Jan 2019 from https://www.tc260.org.cn/front/postDetail.html?id=20190201173320.
Park, B.-J. (2012). Merger control under China’s antimonopoly law: a case study. China and Sinology,15, 103–136.
Price, M.S. (2020). Internet privacy, technology, and personal information. Ethics and Information Technology.
Qi, A., et al. (2018). Assessing China's Cybersecurity Law. Computer Law and Security Review,34(6), 1342–1354.
Qin, S. (2018). Research on the protection of personal information in the context of e-commerce in China. Hebei: Hebei Normal University.
Ren, Y., Cheng, F., Peng, Z., Huang, X., & Song, W. (2011). A privacy policy conflict detection method for multi-owner privacy data protection. Electronic Commerce Research,11(1), 103–121.
Rieger, A., et al. (2019). Building a Blockchain application that complies with the EU general data protection regulation. Mis Quarterly Executive,18(4), 263–279.
Ryz, L., & Grest, L. (2016). A new era in data protection. Computer Fraud and Security,2016(3), 18–20.
Sacks, S. (2018). New China data privacy standard looks more far-reaching than GDPR. Center for Strategic & International Studies, 2018.01.29. https://www.csis.org/analysis/new-china-data-privacy-standard-looks-more-far-reaching-gdpr.
Saldana, J. (2009). The coding manual for qualitative researchers. New York: Sage.
STATISTA. (2019). Leading retail e-commerce markets worldwide 2014–2019. Retrieved from https://www.statista.com/statistics/377624/leading-countries-retail-e-commerce-sales/.
Sullivan, C. (2019). EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era. Computer Law and Security Review,35(4), 380–397.
Van Deursen, S., & Kummeling, H. (2019). The New Silk Road: a bumpy ride for Sino-European collaborative research under the GDPR? Higher Education,78(5), 911–930.
Voss, W. G., & Houser, K. A. (2019). Personal data and the GDPR: providing a competitive advantage for US companies. American Business Law Journal,56(2), 287–344.
Wolfe, R. (2019). Learning about digital trade: Privacy and E-commerce in CETA and TPP. World Trade Review,18, S63–S84.
Wu, Y. (2014). Protecting personal data in E-government: a cross-country study. Government Information Quarterly,31(1), 150–159.
Xia, S. (2018). China data protection regulations (CDPR). China Law Blog,2018(05), 20.
Xu, F., Michael, K., & Chen, X. (2013). Factors affecting privacy disclosure on social network sites: an integrated model. Electronic Commerce Research,13(2), 151–168.
Zerlang, J. (2017). GDPR: a milestone in convergence for cyber-security and compliance. Network Security,2017(6), 8–11.
Zhang et al. (2018). China's digital economy on the rise: New engine, new opportunities. Xinhua. Retrieved from 3 Jan 2018 https://www.xinhuanet.com/english/2018-03/01/c_137009083.htm.
Zhang, C. (2019). China's new regulatory regime tailored for the sharing economy: the case of uber under Chinese local government regulation in comparison to the EU, US, and the UK. Computer Law and Security Review,35(4), 462–475.
Acknowledgements
This work was partially supported by the National Natural Science Foundation of China (71974111/91646103/71473143), and the National Key Research and Development Program (2018YFC0832305).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
On behalf of all authors, the corresponding author states that there is no conflict of interest.
Appendix: Code book and output
Appendix: Code book and output
Rights and permissions
About this article
Cite this article
Weber, P.A., Zhang, N. & Wu, H. A comparative analysis of personal data protection regulations between the EU and China. Electron Commer Res 20, 565–587 (2020). https://doi.org/10.1007/s10660-020-09422-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10660-020-09422-3