Wednesday, December 04, 2019

Sun Ping on “Beyond Security: What Kind of Data Protection Law Should China Make?” Paper and Presentation at the 8th Asian Constitutional Law Forum, “Asian Constitutional Law: Recent Developments and Trends” Hanoi, Vietnam







In the 1970s Michel Foucault oracularly suggested that contemporary politics and society would be transformed in a peculiar way. He predicted the end of the individual and of the effective approach to individual autonomy in liberal democratic societies. In its place, political societies would aggregate the individual into masses—what he called “population.” These aggregations of individuals would be incarnated through the process of transforming them from abstractions to “statistics.” Statistics was understood as the rationalization of masses of data produced by the components of population to produce from out of its organization, the body of the masses. Population, then, through statistics, could reduce the individual to a subcomponent of the only politically potent stakeholder in political society—the mass.

Foucault anticipated much of what a generation later emerged as the development of data drive governance in the West and social credit regimes in Marxist-Leninist societies. I have suggested the effects of this trajectory on the individual—as the opposite side of the effects predicted by Foucault in his consideration of bio-politics. Here the individual is at the center of “statistics.” (“Next Generation Law, accessed here). He and she are stripped of their autonomy and corporeality and become nothing more than the generator of a lifetime stream of data. This stream of data is then the means through which the once autonomous individual is reconstituted as the aggregation of the stream of data they produced—judged in relation to the streams of data produced in the network of interrelated data streams of those with whom they interact. 

Sun Ping, Associate Researching Professor at the School of Law, East China University of Political Science and Law, has been producing some important and insightful work in this area. He has been focusing research on the consequences for law and society bent on the construction of this sort of “data” person. While is specific focus is China, the insights are quite compelling for the parallel developments of data society elsewhere. He recently presented his current research, “Beyond Security: What Kind of Data Protection Law Should China Make?” at the 8th Asian Constitutional Law Forum, “Asian Constitutional Law: Recent Developments and Trends” 6th and 7th December 2019, La Thanh hotel, Hanoi, Vietnam.

The paper is well worth reading. The Abstract and introduction follow along with information about the 8th ASLF. Please contact Professor Sun for a full copy of the paper.




Beyond Security: What Kind of Data Protection Law Should China Make?

Sun Ping is an Associate Researching Professor at the School of Law, East China University of Political Science and Law. Mr. Sun’s research focuses on constitutional law, fundamental rights, right to privacy, data protection, and freedom of expression. His current research focuses on social credits and data protection, defamation law and free speech, human dignity and person in the constitutional law. He has published two books and dozens of articles. He was invited to have lectures about China’s constitutional law at Columbia Law School, Penn State Law, Pontificia Universidad Católica de Chile and Shanghai-NYU. From Oct. 2018 to July 2019, he was a U.S.-China Fulbright Visiting Scholar at the US-Asia Law Institute, NYU Law School.


Abstract: Currently, in data protection legislation of China, there is a legislative mode, the security-driven mode, that appears through the articles and chapters scattered in criminal law, civil law and administrative law. However, the legislation under the security-driven mode only covers limited private sector, highly values security without proper balance with other values, targets merely on data breach and illegal obtainment, and lacks non-partial enforcing mechanism. Meanwhile, with incredible technology development and application, the initiatives of personal data collecting and using in public and private sectors, such as the social credit system, have become more and more ambitious without sufficient data protection legal frame. More importantly, because China is still struggling in transition, the current data protection laws have no roots in constitutional values, and hence, no compatible and profound theory. Therefore, China should re-comprehend the practice (Datalization, Centralization, Informatization and Preconditionalization), structure their own theory (Marxism and informational person(human)), draw on experiences and lessons from Europe (fundamental rights) and the U.S. (privacy in context), and make a Personal Information Protection Law based on fundamental rights and constitutional law. 

Keywords: Data Protection Law, Security-driven Model, Social Credit System, Informational Person
Beyond Security: What Kind of Data Protection Law Should China Make? *

Sun Ping**


Introduction

In September 2018, Personal Information Protection Law was first listed as one of the first-class drafts in the 5-year Legislative Plan of Standing Committee of the National People’s Congress (NPCSC), which means China might finally make a data protection law soon.[1] As early as 2003, with the rapid construction of E-government, the Chinese government has begun to try to make a data protection law, but 5 years later, the attempt was failed. Except for an expert’s proposal draft with EU style, there is no other result. It is from 2008 that security in cyberspace gradually became the dominant concern in public and political opinions which provided the new incentives for data protection legislative attempts. From then on, a whole new legislative mode, the security-driven mode, appears through the articles and chapters scattered in criminal law, civil law and administrative law.

In English academia, on the one hand, data protection legislation in China hasn’t drawn lots of attention. Most chapters and articles only focused on the text of all kinds of laws and regulations.[2] There hasn’t been any work that tried to, from the perspective of constitutional law, put those laws and regulations back to the political, legal and social context of China and discover the mode behind them. On the other hand, some topics related to data protection in China, such as cybersecurity and social credit system, have been talked about too much. However, without understanding the legislative attempts on data protection and the practice of collecting and using personal data, it’s impossible to comprehend the Cybersecurity Law, Social Credit System all the other topics and fields which are based on personal data collecting and using, and thus impossible to understand modern China.

For China’s respect, the Personal Information Protection Law is also of great significance. Chinese people are quite aware that data is the new oil, data is security, data is privacy, but we haven’t figure out what’s the role of constitutional law in a data-driven society.[3] However, the current practice of data collecting and using in China has caused a series of complex social changes, among which the most profound is the being of human. In daily life, what matters is not the nature person anymore, but the informational person in a remote database or platform. Therefore, what kind of data protection law should china make? should it be a law following the security-driven mode? Or should it be a law of fundamental rights based on constitutional law? These questions are not only concern about how to understand modern China better, but also how to be preparing for the coming new world. 



NOTES

* this draft is only for the 8th ASIAN CONSTITUTIONAL LAW FORUM.

** Assistant Research Professor, School of Law, East China University of Political Science and Law.

[1] The Standing Committee of the National People’s Congress, The Legislative Plan of the 13th Standing Committee of the National People’s Congress, September 7th, 2018. Usually, the Legislative Plan of NPCSC is not a solid promise. Even the first-class drafts are still full of uncertainties. See Liu Songshan, Dilution and Reflection on Legislative Planning (立法规划之淡化与反思), Political Science and Law (《政治与法律》), Vol. 12, 2014, pp. 91-93.

[2] See Graham Greenleaf, Asian Data Privacy Laws: Trade and Human Rights Perspectives, Oxford University Press (Oxford 2017), pp. 191-226. Scott Livingston & Graham Greenleaf, PRC’s New Data Export Rules: ‘Adequacy with Chinese Characteristics’?, 147 Privacy Laws & Business International Report 9, [2017] UNSWLRS 69; Scott Livingston & Graham Greenleaf, China's New Cybersecurity Law – Also a Data Privacy Law?, (2016) 144 Privacy Laws & Business International Report 1-7, [2017] UNSWLRS 19; Yang Feng (2019): The Future of China’s Personal Data Protection Law: Challenges and Prospects, Asia Pacific Law Review, DOI: 10.1080/10192557.2019.1646015; Bo Zhao and G.P. (Jeanne) Mifsud Bonnici, Protecting EU Citizens’ Personal Data in China: a Reality or a Fantasy?, International Journal of Law and Information Technology, 2016, 24, 128–150.

[3] In China, there are several professors think that it is not necessary to protect right to data protection based on constitutional law. See Wang Liming, On the Position of Right to Personal Information in the Law of Right to Personality (论个人信息权在人格权法中的地位), Journal of Suzhou University (Philosophy and Social Sciences Edition) (《苏州大学学报(哲学社会科学版)》), Vol. 6, 2012; Wang Liming, On the Legal Protection of Right to Personal Information (论个人信息权的法律保护), Modern Law Science (《现代法学》), Vol. 4, 2013; Gao Fuping, Personal Information Protection: From Individual Control to Social Control (个人信息保护:从个人控制到社会控制), Chinese Journal of Law (《法学研究》), Vol. 3, 2018.

__________ 
















No comments: