On 15 September 2020, Italian Member of the European Parliament Antonio Tajani of the Group of the European People’s Party (Christian Democrats) posed a written parliamentary question to the European Commission:
“As reported in the international press, Zhenuha, a company based in Shenzen (China), has an enormous database containing detailed information on politicians, public figures, entrepreneurs, members of the institutions and their families around the world.
In Italy alone, over four thousand people are concerned, more than three thousand in France and a thousand in Germany. This seems to be only the tip of the iceberg of Chinese intelligence activities: to date, only 10% of the data has been decrypted.
Cybersecurity is a priority in relations with China, along with anti-dumping measures, the security of 5G networks and the monitoring of foreign investment.
I should like to ask the Commission the following questions:
1. Given that the extraction of large amounts of data from web pages using software is prohibited, what steps does the Commission intend to take to protect businesses and citizens?
2. Does the Commission intend to take urgent action to ask the Chinese authorities how these data were collected and to what use the company in possession of the data intend to put them?”
On 21 January 2021, Justice Commissioner Didier Reynders responded on behalf of the European Commission stating: “The Commission is aware of media reports related to the collection, by Zhenhua Data Company, of personal information about a large number of individuals, but has no additional information as to whether the Chinese government might be using this database for surveillance.
In case General Data Protection Regulation (GDPR) rules apply, the company must in principle appoint a representative in the EU to act on its behalf with respect to its GDPR obligations, cooperate with the supervisory authorities and ensure the exercise of data subjects’ rights.
This includes the possibility for supervisory authorities to address corrective measures or administrative fines imposed on the company to the representative.
The Commission stressed in the GDPR evaluation report of 24 June 2020 that ‘[w]here [such foreign] operators fail to meet their obligation to appoint a representative, supervisory authorities should make use of the full enforcement toolbox in Article 58 of the GDPR (e.g. public warnings, temporary or definitive bans on processing in the EU, enforcement against joint controllers established in the EU).’
While Member States’ national authorities are responsible for monitoring GDPR application, the Commission insists on the importance of appropriately handling European citizens’ data in line with the GDPR.”
Photo Credit : https://pixabay.com/photos/china-land-smartphone-search-3303411/