Can vague legal criteria for personal information protection spark innovation?
As some of the first major regulations on cybersecurity, the EU’s recently implemented General Data Protection Regulation (GDPR) and China’s Cybersecurity Law (CSL) have inevitably set standards for the rest of the world to consider when determining how to govern cyberspace. Despite some differences, these two laws both take government-oriented, onerous approaches to data protection. This, coupled with the lack of a comprehensive cybersecurity law in the US, has necessitated that US businesses operating abroad develop reactionary plans. For those global businesses that operate in both Europe and China, it is important to understand the key similarities and differences between the GDPR and the CSL.