With5G, blockchain, big data, artificial intelligence,and otherinformation and communication technologyrapid development, our lives have been gradually networked and digitized, if you recall your own day, you will find that most of the basic necessities of life seem to have started its digitalization.Not long ago, the Standing Committee of the National Peoples Congress just passed a blockbuster law, the "Data Security Law". I also did some learning. In addition to this law, there was also a "Cyber Security Law" before. The current "Personal Information Protection Law" is also rushing on the road to legislation.What kind of relationship are these three laws? Its a bit unclear, so today we will focus on studying these three laws in a comparative way(reminder, the "Personal Information Protection Law" has not yet been issued, I will not prompt it in the rest of this article for convenience).

What the three have in common

1. The background of legislation is basically the same

The three laws are all born from thebackground of the rapid development ofinformation and communication technologiessuch as5G, blockchain, big data, and artificial intelligence.Legislating these emerging technologies is in response to the needs of the development of the times.

2. The value orientation of legislation is basically the same

It seems that we need "security" more than ever. Now when we talk about "security", werefermoreto non-traditional security. This is also the overall national security concept mentioned in the National Security Law.Although from a development perspective, we still give priority to "efficiency", "efficiency" cannot be "streaking" like a runaway horse.Because the "efficiency" gained at the cost of"safety"is not worth the gain.

3. The core of the object in legal relations is basically the same

These three laws can be the "troika" in the field of the digital economy. Although the objects to be regulated are different, they generally revolve around the production and operation of data and information. The internet is the basis for carrying information.Interaction andtransmission are the purposes of the internet, and the intangibility and spillage of information need to be controlled. The core of controlling is around governmentand personal information.

Traditionally, one of the objects of legal relations is human behavior. In the era of big data and artificial intelligence, human behavior is no longer limited to physical behavior. Human behavior has been transformed into various information and data.Dont you see? Buying and selling, using, thoughts expression are all done through clicking and manipulating smart phones and computers.

4. The legislative influence is basically the same

Based on the above, these three laws will affect all aspects of the country, society, government, and individuals, because informatization and digitization have been integrated into all aspects of personal social life, government behavior, and state behavior.

The main difference between the three laws

1. The legislative purposes of the three are different

The "Cyber Security Law"emphasizes the national sovereignty of cyberspace. The"Data Security Law"focuses more on data security and national security based on data security, and the "Personal Information Protection Law" focuses on the protection of personal information.

2. The objects adjusted by the two and three are different

From the perspective of the adjustment object, the three laws are overlaped.Article 76 of the "Cyber Security Law" defines cybersecurity as means taking necessary measures to prevent attacks, intrusions, interference, and Sabotage, illegal use and accidents, keep the network in a stable and reliable operation state, as well as the ability to ensure the integrity, confidentiality, and availability of network data."The last sentence here actually refers to data security but in a subordinate position.Article 3 of the "Data Security Law" stipulates that "data security refers to the adoption of necessary measures to ensure that data is in a state of effective protection and legal use, as well as the ability to ensure a continuous state of security."It can be seen here that, in fact, network security includes data security, but it is more focused on achieving legislative purposes by regulating the construction, operation, maintenance and use of networks within the territory of the Peoples Republic of China, while the Data Security Law focuses on regulating "data processing activities within the territory of the People's Republic of China" to achieve legislative purposes.Data processing refers to "data collection, storage, use, processing, transmission, provision, disclosure, etc.", Some of these data processing activities are based on the internet, and others arenot based on the internet.To give an inappropriate example, it is like a house. The "Cyber Security Law" focuses more on the security of the door of the room and each door, while the "Data Security Law" refers to the safety of the things in the house.What about "Personal Information Protection"?Privacy probablythe equivalent of the safe of the most valuable things inside a house, where your ID card, bank card, residence booklet and some important privacy files are stored.The "Personal Information Protection" involves both the cybersecurity and the data protection.The "Data Security Law" contains not only personal information but also government information, as well as information on other industries. Therefore, the "Data Security Law" adopts a "graded and classified protection system."In summary, the three laws are independent of each other and have their own emphasis, but there are also overlaped each other.

3. The adjustment modes of the three laws are different

The adjustment mode of the "Cyber Security Law" focuses more on the regulation and adjustment according to the links involved in network operation, and it mainly divided into two parts: "network operation security" and "network information security". The regulative objects are mainly three types of entities, network operators, network products and service providers, and key information infrastructure operators.The "Data Security Law" does not regulate according to flow of "production, processing, circulation, and use of data", but divides it into a "data security system" and "data security protection obligations" for regulation and adjustment, and the objects of adjustment is more extensive, that is, all subjects engaged in data processing activities must be regulated and restricted by this law.The "Personal Information Protection Law" is more special. It is more about adjusting and protecting a de facto private law act (simply speaking, providing personal information and obtaining various services) in public law. Many articles in this law is about empowerment. TheChapter 4is "Individual's Rights in Personal Information Processing Activities", and the Chapter 5is "Obligations of Personal Information Processors". Yet, the "Cyber Security Law" and "Data Security Law" are basically obligatory provisions. Especially the "Data Security Protection Obligation" is its own chapater in the "Data Security Law".

In summary, we have carried out some superficial comparative analyses of these three laws in the hope that we can have a clearer understanding of the positioning of the three laws.

The rest is here:
Comparative analysis of "Data Security Law", "Network Security Law" and "Personal Information Protection Law" - Lexology