EDPB: Legal study on Government access to data in third countries


From the conclusion:

  • The present study preliminarily investigates the general situation of China, India and Russia concerning
    fundamental rights and freedoms, [..]

  • In relation to China, it can be seen that the Chinese legal system does not provide sufficient safeguards
    for foreigners’ data comparable to those found in the EU. Based on insights from the analysis of the
    People’s Republic of China (PRC) Constitution it is clear that government access to personal data is not
    constrained. [..]

  • In relation to India, it should be noted that the right to privacy was recognised only recently by the Indian
    Supreme Court. In close connection, also the right to personal data has received more attention.
    However, the Indian government has a track record of infringing both rights extensively. After careful
    assessment of relevant Indian legislation (Information Technology Act – IT Act, several IT Rules and
    Aadhaar Act), it may be concluded that these regulations foresee widespread exemptions for
    governmental access to personal data.[..]

  • In relation to Russia, it can be concluded that Russian data protection law is a complex matter. Although
    the formal legislative framework seems comprehensive, the enforcement and the application of the
    legislation has serious drawbacks. In addition, Russia has a striking record of violating the European
    Convention of Human Rights (ECHR) related to other related rights and freedoms, such as the freedom
    of expression [..]