The evolution of Data Protection Law in recent years has registered pivotal steps ahead both in China and in the EU. While the European Union issued the GDPR (Regulation 679/2016), which came into force on 25 May 2018, in China the Cybersecurity Law received major updates and upgrades, among which, on 29 December 2017, the Standardization Administration of China issued the 国标 (guobiao) GB/t 35273-2017 (now GB/t 35273-2020), called ‘Personal Information Security Specification’ that came into effect on 1 May 2018, recently revised. Other than the similar date of applicability, the two set of rules share many overlapping dispositions, that witness the growing concerns in this field that both E.U. and China share. Despite being similar in the form, these rules then vary in the substance. Therefore, comparing these laws, declined in their respective context, can be useful in order to determine how the right to privacy and data protection is intended in these two legal systems and why some of the European rules have been adopted more leniently in China.

Chinese Law; EU Law; Data Protection Law