중국의 개인정보보호 법제 구축에 대한 소고 -중화인민공화국 개인정보보호법(초안)을 중심으로-

The Personal Information Protection Act(Draft), announced on October 21, 2020, is China's first law on the protection of personal information and is highly likely to be passed at the National People's Congress (NPC) scheduled to be held in March 2021. The Draft consists of 8 Chapters, including processing rules on personal information, the onward transfer of personal information, individual’s rights and controller’s duties in processing personal data, and legal liability and so on. The most of contents mentioned above are thought as being greatly influenced by the GDPR, and evaluated to be able to contribute to the protection of personal information. However the Draft still remains some problems such as follows. Firstly, the provisions on individual's rights and controller's duties in processing personal information are so unclear and ambiguous. Thus it is thought to have a negative impact on the protection of personal information. Secondly, there is also a risk that personal information is not properly protected if the government is a controller. The reason is that the Draft permits widely for government to process not being based on individual's consent. Thirdly, the Draft allows basically the processing of sensitive personal data, when specific purposes and sufficiently necessaries can be confirmed. But it is thought that it will work against personal information protection. Finally, the controller can be subject to large amount of administrative fine depending on the severity of it’s unlawful acts, but criterion for the severity is not clear. In result, it is possible that the controller faces the risk, or arbitrary decision made by Chinese government.