Data Security Law of the People's Republic of China
Data Security Law of the People's Republic of China
Data Security Law of the People's Republic of China
Order of the President of the People's Republic of China No. 84
June 10, 2021
The Data Security Law of the People's Republic of China, which has been adopted at the 29th session of the Standing Committee of the 13th National People's Congress on June 10, 2021, is hereby promulgated and shall come into effect from September 1, 2021.
Xi Jinping President of the People's Republic of China
Data Security Law of the People's Republic of China
(Adopted at the 29th session of the Standing Committee of the 13th National People's Congress on June 10, 2021)
Table of Contents
Chapter I General Provisions
Chapter II Data Security and Development
Chapter III Data Security Systems
Chapter IV Data Security Protection Obligations
Chapter V Security and Openness of Government Data
Chapter VI Legal Liability
Chapter VII Supplementary Provisions
Chapter I General Provisions
Article 1 This Law is formulated in order to regulate the data handling activities, ensure data security, promote data development and use, protect the legitimate rights and interests of individuals and organizations, and safeguard national sovereignty, security, and development interests.
Article 2 This Law shall apply to the data handling activities carried out within the territory of the People's Republic of China as well as the security regulation thereof.
Where any data handling activity carried out outside of the territory of the People's Republic of China harms the national security, public interests, or the legitimate rights and interests of citizens or organizations of the People's Republic of China, legal liability shall be investigated in accordance with the law.
Article 3 For the purpose of this Law, data shall refer to any record of information in electronic or other form.
Data handling shall refer to the collection, storage, use, processing, transmission, provision and disclosure of data.
Data security shall refer to the ability to ensure that data are being effectively protected and lawfully used and to keep the secure state by adopting necessary measures.
Article 4 In ensuring data security, the overall national security concept shall be upheld, with data security governance systems established and perfected, and data security protection capabilities increased.
Article 5 The central leadership organ of national security is responsible for the decision-making, deliberation and coordination in respect of data security work, and for researching, formulating, and guiding the implementation of national data security strategies and related significant guidelines and policies; coordinating the major matters and key work regarding national data security and establishing a national data security coordination mechanism.
Article 6 All regions and departments assume primary responsibility for the data collected and generated in the work of their respective regions or departments as well as for data security.
Competent departments of industries such as industry, telecommunications, transport, finance, natural resources, hygiene and health, education, and science and technology are responsible for the supervision of data security in respective industries or sectors.
Public security organs and national security organs are, in accordance with this Law and the relevant laws and administrative regulations, responsible for the supervision of data security within their respective scope of duties.
The national cyberspace administration authority is, in accordance with this Law and the relevant laws and administrative regulations, responsible for the comprehensive coordination of online data security and related supervision work.
Article 7 The State shall protect the data-related rights and interests of individuals and organizations; encourage lawful, reasonable, and effective data use; ensure the lawful, orderly, and free flow of data; and stimulate the development of a digital economy with data as a key factor.
Article 8 When conducting data handling activities, laws and administrative regulations shall be observed, social public morals and ethics respected, commercial and professional ethics followed, sincerity and trustworthiness upheld, data security protection obligations fulfilled, and social responsibilities undertaken. It is prohibited to harm national security or public interests or to harm the legitimate rights and interests of individuals and organizations.
Article 9 The State shall support the promotion and publicity of data security knowledge, raise the awareness and capability of the whole society in data security protection, and urge the relevant departments, industrial organizations, research institutions, enterprises, and individuals to jointly participate in data security protection work, so as to create a beneficial environment in which all walks of life jointly safeguard data security and boost development.
Article 10 Relevant industrial organizations shall, in accordance with their articles of association, legally formulate the code of conduct in and the group standards for data security, enhance industrial self-discipline, guide their members to strengthen data security protection, improve the level of data security protection and promote the healthy development of the industry.
Article 11 The State shall actively engage in international exchange and cooperation in such areas as data security governance and data development and use, participate in the formulation of international rules and standards related to data security, and promote the secure and free flow of data across borders.
Article 12 Any individual or organization has the right to file a complaint or tip-off about violations of this Law with the relevant competent departments.
......
Order of the President of the People's Republic of China No. 84
June 10, 2021
The Data Security Law of the People's Republic of China, which has been adopted at the 29th session of the Standing Committee of the 13th National People's Congress on June 10, 2021, is hereby promulgated and shall come into effect from September 1, 2021.
Xi Jinping President of the People's Republic of China
Data Security Law of the People's Republic of China
(Adopted at the 29th session of the Standing Committee of the 13th National People's Congress on June 10, 2021)
Table of Contents
Chapter I General Provisions
Chapter II Data Security and Development
Chapter III Data Security Systems
Chapter IV Data Security Protection Obligations
Chapter V Security and Openness of Government Data
Chapter VI Legal Liability
Chapter VII Supplementary Provisions
Chapter I General Provisions
Article 1 This Law is formulated in order to regulate the data handling activities, ensure data security, promote data development and use, protect the legitimate rights and interests of individuals and organizations, and safeguard national sovereignty, security, and development interests.
Article 2 This Law shall apply to the data handling activities carried out within the territory of the People's Republic of China as well as the security regulation thereof.
Where any data handling activity carried out outside of the territory of the People's Republic of China harms the national security, public interests, or the legitimate rights and interests of citizens or organizations of the People's Republic of China, legal liability shall be investigated in accordance with the law.
Article 3 For the purpose of this Law, data shall refer to any record of information in electronic or other form.
Data handling shall refer to the collection, storage, use, processing, transmission, provision and disclosure of data.
Data security shall refer to the ability to ensure that data are being effectively protected and lawfully used and to keep the secure state by adopting necessary measures.
Article 4 In ensuring data security, the overall national security concept shall be upheld, with data security governance systems established and perfected, and data security protection capabilities increased.
Article 5 The central leadership organ of national security is responsible for the decision-making, deliberation and coordination in respect of data security work, and for researching, formulating, and guiding the implementation of national data security strategies and related significant guidelines and policies; coordinating the major matters and key work regarding national data security and establishing a national data security coordination mechanism.
Article 6 All regions and departments assume primary responsibility for the data collected and generated in the work of their respective regions or departments as well as for data security.
Competent departments of industries such as industry, telecommunications, transport, finance, natural resources, hygiene and health, education, and science and technology are responsible for the supervision of data security in respective industries or sectors.
Public security organs and national security organs are, in accordance with this Law and the relevant laws and administrative regulations, responsible for the supervision of data security within their respective scope of duties.
The national cyberspace administration authority is, in accordance with this Law and the relevant laws and administrative regulations, responsible for the comprehensive coordination of online data security and related supervision work.
Article 7 The State shall protect the data-related rights and interests of individuals and organizations; encourage lawful, reasonable, and effective data use; ensure the lawful, orderly, and free flow of data; and stimulate the development of a digital economy with data as a key factor.
Article 8 When conducting data handling activities, laws and administrative regulations shall be observed, social public morals and ethics respected, commercial and professional ethics followed, sincerity and trustworthiness upheld, data security protection obligations fulfilled, and social responsibilities undertaken. It is prohibited to harm national security or public interests or to harm the legitimate rights and interests of individuals and organizations.
Article 9 The State shall support the promotion and publicity of data security knowledge, raise the awareness and capability of the whole society in data security protection, and urge the relevant departments, industrial organizations, research institutions, enterprises, and individuals to jointly participate in data security protection work, so as to create a beneficial environment in which all walks of life jointly safeguard data security and boost development.
Article 10 Relevant industrial organizations shall, in accordance with their articles of association, legally formulate the code of conduct in and the group standards for data security, enhance industrial self-discipline, guide their members to strengthen data security protection, improve the level of data security protection and promote the healthy development of the industry.
Article 11 The State shall actively engage in international exchange and cooperation in such areas as data security governance and data development and use, participate in the formulation of international rules and standards related to data security, and promote the secure and free flow of data across borders.
Article 12 Any individual or organization has the right to file a complaint or tip-off about violations of this Law with the relevant competent departments.
......