The Draft includes seven sections and 55 articles in total, covering data security and industrial development, the data security regulatory system, data security protection obligations and government data security and access.   The framework of the Draft is highlighted below.

When compared to the EU or the U.S., China has lacked a comprehensive data protection and data security law that regulates in detail requirements and procedures relating to the collection, processing, control and storage of personal data. In recent years, China has seen developments on data protection both in legislation and in practice.

Recently, another significant draft law on data security was issued by the Chinese legislative authority. On June 28 to June 30, 2020, the 20th Session of the 13th Standing Committee of the National People’s Congress of China (the “NPC”) deliberated on the draft of the Data Security Law (the “Draft”), and on July 3, published the Draft on the NPC’s official website for public comment. The public comment period for the Draft will end on August 16, 2020. It is expected that the Draft will be finalized within the year and that the regulatory requirements relating to data security eventually will be reflected in law in China.


Section 1 of the Draft provides the applicable scope of the law. Under the Draft, “Data Activities” are defined as the collection, storage, processing, usage, provision, and publicity of data that records information in electronic or non-electronic forms. It is expressly stipulated in Section 1, Article 2 that not only are Data Activities conducted in China subject to the Data Security Law, but also that organizations and individuals outside of China conducting Data Activities that damage the national security or public interest of China or the legal interests of citizens and organizations of China, will be held legally liable under the law as well.

According to Section 7 (Supplementary Articles), Data Activities involving national secrets will be subject to the Law on Keeping Confidentiality of State Secrets and other relevant administrative laws and regulations of China. The Central Military Commission will develop the measures regulating military Data Activities.

Promotion of Data Usage While Maintaining Data Security

Section 2 of the Draft generally illustrates that China insists on maintaining data security that promotes the usage of data through (i) enhancing research of technology for data development and usage; (ii) establishing the data security standardization system; (iii) improving data security inspection assessment and certification; (iv) advancing the data transaction management system; and (v) facilitating education and training on data usage technology and data security in colleges, schools and enterprises.

Source:  Hunton Andrews Kurth LLP article