China Passes Anti-Foreign Sanctions and Data Security Laws
View Debevoise In Depth
- On June 10, 2021, the Chinese National People’s Congress passed several laws including the “Anti-Foreign Sanctions Law” and the Data Security Law. As with many Chinese laws, there is some uncertainty as to some of the terms used in the laws and a significant amount of power is delegated to the relevant organs of the government to provide additional clarity.
- The Anti-Foreign Sanctions Law expands the Chinese government’s power to retaliate against foreign individuals or entities and their relatives and affiliates that take part in creating or implementing “discriminatory measures” (including but not limited to foreign sanctions) against China. It further prohibits individuals or entities within China from cooperating with “discriminatory measures.” The law also creates a private right of action in Chinese courts for Chinese entities and individuals harmed by “any person” whose compliance with discriminatory measures harms the Chinese entity or individual.
- The Data Security Law expands the data localization requirements and export rules in 2017’s Cybersecurity Law, bringing new uncertainties to businesses involving data flow out of China, including as to what types of data are covered and by which law. It also creates a “tiered protection regime” for data security and provides corresponding obligations for data processors of different kinds of data. Finally, the Data Security Law could be read to expand the prohibition on informal cooperation with foreign law enforcement authorities that was introduced in the International Criminal Judicial Assistance Law, although the exact contours of the prohibition remain unclear.