Although somewhat sporadic, significant inroads are being made on privacy regulation and data protection in China, writes Scott Thiel

Privacy regulation in China can currently be described as very recent, uncertain, lacking in detail and in clear need of a dedicated regulator to offer practical guidance to the business community. However, the existing and emerging regulations are potentially far reaching and threaten significant sanctions for non-compliance. While it is easy to be apathetic in the face of the current uncertainty and limited enforcement activity to date, all businesses operating in China should be turning their compliance attention to this rapidly developing regulatory landscape.

The use of numbers is always important when setting the scene on matters in China: 200 billion unwanted messages are estimated to have been sent to mobile phones in the PRC in the first six months of last year, with the country now accounting for 22% of all global electronic spam. The legislative and judicial response to this growing privacy problem is moving at a pace that may well be surprising, particularly to businesses from Western markets.

There is currently no omnibus privacy regulation in the PRC. These consumer and citizen-orientated rights are largely codified in the following combination of laws, recent decisions and proposed developments:

You must be a subscriber to read this article, or you can register for free to enjoy the current issue.


Scott Thiel is a foreign legal consultant with DLA Piper and location head of the intellectual property and technology team in Hong Kong.