The new Chinese Civil Code has been passed by the 13. National People’s Congress on May 28, 2020. It will come into effect on January 1, 2021 and amalgamates and elaborates several pre-existing laws. This laws, including but not limited to the Contract Law, the Rights in Rem Law, the Tort Liability Law and the General Provisions and Principles of Civil Law, will, by the time the Civil Code comes into effect, be abolished.
Even though the Civil Code, consisting of 7 parts, 84 chapters and 1,260 articles, does not introduce fundamental changes to the civil law regime it should be studied carefully as it will serve as systematic fundament. Part 4 of the new Civil Code is about personality rights including chapter 6 about privacy and protection of personal information (art. 1032 – art. 1039).
This part has been especially highlighted by Chinese media as a major innovation of the Civil Code. In regard of data protection the Civil Code contains new provisions and definitions on the right to privacy and the protection of personal information. Most important it gives a legal basis for civil actions in case of data protection breaches. Prior existing laws, like the Cybersecurity Law and also the draft for the Data Protection Law can only be basis for administrative sanctions. For company this means that non-compliance with data protection regulations can now result in administrative sanctions as well as civil liability.
As the legal landscape in regard of data protection in China is developing very fast at the moment, companies should take the Civil Code, as well as the Cyber Security Law and the soon to come Data Protection Law as basis for implementing compliant data protection systems while also keeping a close eye on relevant new guidelines and national standards as they will reveal more details and often contain crucial information and definitions to bolster up the laws.