Why China’s strong data privacy laws should reassure TikTok, ByteDance sceptics
- ByteDance is registered in Beijing and thus subject to Chinese law, giving those whose data privacy it violates the potential for redress through Chinese courts
- China’s data security laws are on a par with the world’s strongest, and prosecutors have shown an appetite for pursuing violators
Disappointingly, there has been no discussion of the lawsuits those reporters could potentially file against ByteDance. Such a discussion would illuminate the legal protections available to the reporters and the other estimated 1 billion TikTok users worldwide.
There are two reasons we think they would win their case. First, China’s legal system gives significant protection to personal data. In the past few years, China has passed a set of data security laws, including three fundamental pieces of legislation – the PIPL, the Cybersecurity Law and the Data Security Law – as well as about a dozen rules for implementation.
How China’s new data laws will make cross-border business much harder
Data security experts both in and outside China note that the PIPL contains many concepts and definitions reminiscent of the European Union’s General Data Protection Regulation (GDPR), considered one of the world’s most stringent privacy and security laws.
If ByteDance is sued in China, it will bear the burden of proof, meaning it is presumed responsible for data infringement until it proves otherwise. In this case, it has admitted to its wrongdoing and fired four employees for the incident. ByteDance could even be criminally prosecuted if it had an illegal gain exceeding 5,000 yuan (US$730) from processing the data.
The government of Wuxi, a city of 7.48 million people in Jiangsu province, recently deleted one billion pieces of data to better protect citizens’ privacy, prevent data leaks and free up data storage space.
In the past few years, China’s top prosecutor’s office has released a series of “typical cases” involving personal data protection as references for lower prosecutors’ offices across the country. Many of them were related to public interest litigation brought by local prosecutors against local government agencies for direct infringement of personal data or to request them to enforce laws in the private sector.
Chi Yin, a former judge in China, is now an operations manager and a research scholar at the US-Asia Law Institute of New York University School of Law
Tonghui Zhu is an associate professor of law at Nankai University School of Law and a director of the academic department of the Beijing CloudEvidence International Data Security Forensic Centre