English to Chinese Legal Translation of Data Protection Documents
We’ve blogged about multilingual legal translation and data protection in the EU. Professional Chinese to English legal translation and English to Chinese translation services become relevant in the context of data protection in China.
It is true that data protection in China is a bit of an oxymoron, as China actually lacks any resemblance of a comprehensive legal framework for regulating the use and disclosure of personal data. In fact, the country doesn’t even have a national level law that states how a company can legally collect, process and retain personal data. So does this mean China is a free-for-all, Wild West landscape for the use of personal data?
Although China lacks a specific data protection law, its laws, regulations and ordinances are scattered with important rules pertaining to data protection – making it a very complicated and risky landscape to navigate.
The Right to Privacy
In principle, the right to privacy is upheld by both the Chinese constitution and its civil law system. According to the constitution, a citizen’s personal dignity is specifically protected as a ‘fundamental right’, although it fails to define what personal dignity means. Clearly, the concept of personal dignity should include certain privacy rights. Unfortunately, Chinese law is silent as to the scope of personal privacy.
The result is a haphazard right to privacy where, for example, there are laws and regulations imposing duties on courts, social security authorities, hospitals, real estate agents, life insurance companies and internet retail sites to keep personal information confidential. Some local governments have passed ordinances setting out detailed rules pertaining to the protection of consumer data (see Shanghai Consumer Protection Rules and Information Ordinance of Henan Province).
Whereas Chinese civil law is silent on data protection, its criminal code is not – a fact that all the companies doing business in China must be aware of. In 2009, the Chinese criminal code was amended to include, among other things, the inclusion of certain acts relating to data collection and privacy as criminal offenses. Thus, it is now a criminal offense for employees of government institutions and organizations operating within the financial, telecommunications, transportation, education and medical sectors to sell or ‘otherwise unlawfully provide to third parties the personal data of any citizen that has been obtained in the course of performing duties or services at such organization’. The offense is punishable by three years imprisonment and/or a monetary fine.
Although on paper this seems like a personal criminal offense, the law has been extended to include corporate offenses. If any public or private organization or institution commits either of the above mentioned criminal offenses, the law specifically provides that these organizations and institutions be subject to a monetary fine, with the responsible person to be held criminally liable.
In addition to the criminal law, in 2010 China issued its Tort Liability Law, which establishes data protection violations as tort claims, which can give rise to private civil actions. The law specifically recognizes the right to privacy as being a ‘unique type of private right’ and that ‘any party whose right to privacy is infringed can claim against the tortfeasor for actual losses, profits arising from the breach and damages for emotional distress’.
Ambiguity in the Law
Although China clearly recognizes personal privacy and data protection, both the criminal and tort laws fail to provide the important details, such as what constitutes personal data under these laws. Currently there are no regulations or court decisions addressing this void, and all companies have to work with are draft privacy and data protection laws and guides published by Chinese authorities (i.e., the Information Security Technology Guide for Personal Information Protection).
In conclusion, a company doing business in China must be cautious in its use of personal data. To start, companies should carefully review and evaluate their internal systems relating to the collection, retention, processing and transferring of customer data, ensuring that these systems incorporate best practices.
Contact our legal document translation service to request corporate document translation services from and into Chinese.