Data Protection, Privacy and Information Law
What are the key data privacy considerations for Chinese companies operating in the UK and Europe? Jonathan McDonald provides an overview following recent regulatory changing in the EU and China.
Hello, my name is Johnny McDonald and I am a Partner with the law firm Charles Russell Speechlys, where I head up the firm’s Data Protection, Privacy and Information Management law practice. For the next few minutes, I am going to be talking a little bit about my practice and why I think this is important and potentially interesting for clients from China.
Before I talk about the practice itself, just a few words on the firm, Charles Russell Speechlys. We are an international law firm, we are headquartered in London and we have eight international offices across Europe, the Middle East and in Hong Kong. A large proportion of the work we do is international in nature and that is particularly the case in my practice, where over 50% of the work I do, has some kind of international dimension. Of particular importance for clients from China and Chinese businesses, we also have regional desks, including one for the People’s Republic of China and has fluent Chinese speakers in both Mandarin and Cantonese.
Turning now to my practice itself. As I say, I head up the firm’s Data Protection, Privacy and Information Management law practice and in short, we offer end to end advice in this complex area of law. There’s really three prongs to what we do; firstly, commercial data law advice, so if you are looking to do deals with data as an asset, if you are looking to share data, appoint service providers to process that data on your behalf, that is really what we are looking at in complex corporate and commercial transactions. Secondly, is there regulatory limb to what we do. In short, this is a complex increasingly international area of law, where businesses have to comply with a patchwork of different requirements and we help clients to navigate through that patchwork.
Thirdly, we provide contentious advice as well. So when things go wrong, if you end up in disputes, if people are trying to exercise their rights under data protection law against you, or if you suffer some kind of security of data breach incidents, we are able to help clients in those cases too.
Of particular importance for international and Chinese clients, we provide multi jurisdiction advice, and we feel we are uniquely positioned to do so. Not only as UK lawyers with the European and now post Brexit UK long history of Data Protection Regulation, but also because of the English language benefits in all time zones, we are able to deal with third party law firms and clients across the world. So if, for example, you are launching a new product or service that requires international advice, we are able to coordinate, manage and advise entire projects.
The final point which I wanted to talk about for a few minutes is why I think that this is potentially an important area for clients from The People’s Republic of China. In short, this is an important area internationally under any circumstances. Data is a commercially important asset that businesses are looking to leverage. Not only that, but regulators and governments are aware that this is an important area that requires close scrutiny and we are seeing an increase in laws in this area internationally, and that is really one of the key points I wanted to focus on. Why it’s perhaps important for us, as UK lawyers to be talking to businesses in China about these risks and that is because in some respects, the European Union General Data Protection Regulation is serving as a bit of a blueprint for an increasing influx of Data Protection laws around the world and no more so is this more apparent than in China itself, where we are seeing a new Data Security law, which came into force on 1 September 2021 and a new Personal Information Protection law which comes into force on 1 November 2021 which has certain similarities with EU Data Protection law. For example, the sanctions under those regimes are far more severe than they ever were in the past, and the law also governs things like international transfers of data, data leaving China and thirdly, it has an international limb itself, seeking not only to apply to businesses based in the Plc, but also to anyone who maybe wishing to target goods and services into The People’s Republic of China.
This is the type of law with our experience under EU provisions, having advised in this area since 2018 and walked our clients through compliance with a new complex law coming into force, we speak the same language as lawyers across the world looking to advise in this space and we are well positioned to assist businesses here. That really brings my brief introduction to my practice to a close, my contact details are on the final slide.