Parliamentary questions
PDF 191kWORD 16k
17 June 2016
O-000091/2016
Question for oral answer O-000091/2016
to the Commission
Rule 128
Axel Voss, Monika Hohlmeier, Kinga Gál, Michał Boni, on behalf of the PPE Group

 Subject: Personal data transfers to China - what protection for EU citizens?

It appears to be a key finding of the recent ad hoc civil liberties mission to China that an adequate personal data protection law does not yet exist in the People’s Republic of China. China has not enacted any legislation that specifically addresses the collection, storage, transmission and handling of personal information. Nor has it yet entered into any agreement with the EU related to data transfers, although targeted provisions exist for the protection of personal information, typically regulating a specific industrial sector (for example, the telecommunications sector) or relating to certain information of a specific nature (for example, individual financial credit information, consumer information, public health information or medical records).

However, while the EU limits transfers of personal data to any country that does not meet its own stringent legal adequacy requirements for privacy, personal data flows between the EU and China have become a pressing reality in practice within contemporary cloud computing environments, in relation to which vast data centres are likely to be installed or are already operating in China. Indeed, China has adopted an aggressive commercial policy to this end, constructing an ‘International Offshore Cloud Computing Zone’ in Chongqing and opening up the Shanghai Free Trade Zone to foreign investors, with Chinese companies such as Alibaba’s cloud computing subsidiary playing a key role.

While international cloud transfers to China cannot evidently be regulated under an EU ‘adequacy’ finding, how can the Commission guarantee that transfers of EU citizens’ data to China are compatible with EU requirements on privacy and data protection?

What are the alternatives that the EU should examine in order to ensure safe transfers and guarantee that EU citizens’ data are fully protected in China?

Has the Commission opened discussions on exactly what the abovementioned development means for EU citizens’ personal information?

On the other hand, has the Commission monitored the consequences for EU businesses of the proposed Chinese rules relating to the so-called ‘big data dam’ and the potential restrictions on the free flow of data across borders?

Legal notice