Drawing Boundaries Between Data Protection and Privacy: the Centre for Reforming the Data Protection Paradigm

Abstract

This article demonstrates the evolving relationship between data protection and privacy in Europe, the US, and China, from interconnection to separation. In Europe, data protection and privacy have shifted from being intertwined into distinct concepts, notably propelled by the Charter of Fundamental Rights of the European Union. Similarly, China has firmly separated data protection and privacy through legislation like the Civil Code and the Personal Information Protection Law. Even in the US, a subset of privacy akin to data protection has been delineated within the expansive privacy framework. By examining China’s landscape in more detail, this article examines the differences between data protection and privacy in terms of subject matter, the scope of subjects, burden of proof, and compensation for mental damage. Furthermore, this article critically evaluates the individual-centric, rights-based data protection paradigm, noting its shortcomings in achieving substantive fairness and tackling the escalating asymmetries between data controllers and data subjects. Afterwards, it calls for a more assertive state role in ensuring robust data protection, emphasising the importance of recognising the protection for personal data as a fundamental right to effectively counteract the mounting influence of data power.