European Parliament, LIBE Committee, China Report

A new European Union report finds China to be quite lacking adequate privacy protections for data, both because of law enforcement access and limited commercial protections.

The in-depth analysis was commissioned by the European Parliament's Policy Department for Citizens' Rights and Constitutional Affairs at the request of the LIBE Committee.  The report was written by Prof. Paul de Hert and Dr. Vagelis Papakonstantinou of  Vrije Universiteit Brussel.  The report makes a critical conclusion:

In this context, it is established in this report that the basics of international data protection are not unequivocally in place in China today. If a legalistic approach was adopted, then no common ground could be found between two fundamentally different systems both in their wording and in their raison d’être. Consequently, data transfers would need to be prohibited towards China, on the basis of Article 25 of the EU 1995 Data Protection Directive. However, this would be an impractical, if not unnecessary position. "

The European Court of Justice recently struck down the Safe Harbor program relied on by many US companies to transfer data from Europe to the US.  The Court was primarily concerned about the activities of the National Security Agency and negotiators are struggling to negotiate a new agreement that provides promises of greater oversight or transparency for data transfers that may be subject to government access.

The US- EU negotiators are still a ways apart, but are likely to succeed in bridging the gaps in the upcoming month.  As Future of Privacy Forum Senior Fellow Professor Peter Swire explained in a report last week, despite differences in US and EU law, both systems are constitutional structures that include separation of powers, independent judiciaries and respect for rights.  Many other countries, from China and Russia to many others, lack the basic semblance of essential legal protections that are in any way equivalent to EU privacy laws.  In fact the new EU privacy law that is in the process of final approvals further widens the gap between the EU and many countries.  Some of those countries, including the US, can and will improve their domestic privacy regimes, but EU officials will need to develop policy that can successfully bridge these gaps.  If not, data flows from the EU to dozens of countries around the world will risk being cut-off, doing real harm to the EU economy, EU consumers and global trade.