China's National People's Congress on Friday passed a law designed to protect online user data privacy and will implement the policy from Nov. 1, which is the second law in the world against data privacy. The world's first and currently the most influential related law is the General Data Protection Regulation ("GDPR" for short) implemented by the European Union in May 2018. Let's primarily focus on the similarities and differences between the two laws of China and Europe.
In terms of background, both China and European laws are formulated to deal with the collection and use of personal data by technology companies. In terms of content, both two laws include two aspects: (1) the requirements for the use of data within the country; (2) the requirements for the data to be exported abroad. From the view of specific regulations, China's sensitive personal information has a broader scope than GDPR. Why? Because the technology has been developing, and data that was not covered by the EU's law three years ago may now become a method for technology companies to profit. From the perspective of fines, the two laws are very similar, and both adopt the percentage of annual income as a reference. Specifically, the law issued by China decides a fine of 5% annual income, while that of EU law is 4% annual income.
Compared to China and Europe, the United States is the country that suffers the most from data abuse by technology companies. From a domestic perspective, the 2016 U.S. election was impacted by the abuse of user data by Facebook and Cambridge Analytica, which directly affected the result of the U.S. election. From an international perspective, American companies are often harassed by international hackers. Therefore, the United States should have promoted data privacy protection. However, the reality we see is not the case.
1. The main motive for Europe to promote the "GDPR" is to fight against American technology companies. Unlike China, most of the Internet technology products used by the people in Europe are provided by Americans, such as Alphabet and Apple. In recent years, the European Union government has been very unwelcome to American technology companies. Hence, the direct motive for the introduction of the "GDPR" is to confront American technology companies. American politicians also realized that the global Internet has been monopolized by American companies, and there is no need for the country to regulate these companies when Europeans are trying every means to cope with them.
2. U.S. technology companies make great contributions to U.S. politics, serving as the benefactors of U.S. politicians. Facebook and Amazon spend nearly $20 million each year to influence politicians, making the first and second place in the rankings (pictured below). Looking at the cost, it is easy for us to understand why Facebook can affect the US election result.
Internally, the US Congress turns a blind eye. Externally, US technology companies are a weapon for US expansion. As a result, the country will not issue such a bill to restrict its technology companies.
Although there is an invisible, tacit "agreement" between the U.S. government and technology companies, the two sides will not collaborate closely. Or else, it will trigger a strong backlash from the public. A recent case that has caused frantic discussion on data privacy in America is Apple's revision of privacy on the iPhone. The company plans to scan iPhone photos to identify and report collected child sexual abuse images. The move was welcomed by the children's protection organizations, but it was criticized by more people, thinking that Apple's action would help the government to snoop on personal privacy. Otherwise, Apple once fought hard against the FBI's requirements and has repeatedly refused to unlock the terrorist's iPhone. So, technology companies in the United States must keep a distance from the US government, and the government will not reach out to those companies.
Proper respect and concern may be the secret for the government and technology companies to coexist.