China
Broader in scope, CSL and DSL also regulate non-personal data. (2) Regulation of electronic and non-electronic data Under China’s data protection framework, the definition of “data” generally encompasses both electronic and non-electronic forms. For instance, the PIPL defines personal data as various information relating to an identified or identifiable natural person recorded by electronic or other means. While most laws and regulations do not distinguish between electronic and non-electronic data, certain regulations (such as the CSL and the Regulations on Network Data Security Management) regulate only “network data”, which refers to electronic data processed and generated through networks, and are therefore electronic by nature. 3.1.4. Other key definitions pertaining to data and its processing (1) “Processing”: According to the PIPL, the processing of personal data includes the collection, storage, use, processing, transmission, provision, disclosure, and deletion etc. of personal information/data. (2) “Personal Data Processor”: Different from the GDPR, the PIPL does not use the term “controller” to refer to entities that hold or process personal data. Instead, it names such entities as “Personal Data Processor”. According to the PIPL, a Personal Data Processor is defined as an organization or individual that independently determines
the purpose and method of the processing of personal data. (3) “Entrusted processing party”: Instead of using the term “processor” in GDPR, the PIPL sets out the scenario of entrusted processing of personal data. An “Entrusted processing party” refers to an individual or an organization being engaged or entrusted by others to process personal data in accordance with its instructions and is akin to the concept of “processor”. (4) “Data Subject”: The PIPL does not define “data subject”. As both the Civil Code and the PIPL provide that a natural person’s personal data shall be protected by law, it is generally understood that a natural person/individual identified by the personal data shall be regarded as a data subject. (5) “De-identification”: According to the PIPL, it refers to the process in which personal data is processed so that it is impossible to identify certain natural persons without the aid of additional information. (6) “Anonymization”: According to the PIPL, it refers to the process through which personal data is irreversibly processed using technical means to ensure that specific individuals cannot be identified, and the original data cannot be restored.
www.llinkslaw.com
Made with FlippingBook - PDF hosting