On 23 September 2020, Czech Member of the European Parliament (MEP) Tomáš Zdechovský of the Group of the European People’s Party, posed a written parliamentary question to the European Commission:
“Shenzhen Zhenhua Data Information Technology Co. Ltd. is a big data collection company that provides open-source intelligence profiling and threat intelligence services. It is building tools to process the world’s open-source information about influential people from social media websites into data that can be used by government actors and the Chinese military. Leaked data revealed that approximately 2.4 million people around the globe are monitored by an Overseas Key Information Database (OKIDB). This includes spying on various influential political leaders and their families.
Zhenhua advertises its services as being suitable for ‘hybrid warfare’ and ‘psychological warfare’. It is highly worrying that the company’s website listed a series of partners that included military contractors.
1. In light of the above, how does the EU plan to protect European citizens and their families?
2. Will the Commission address and debate this urgent issue with the responsible Chinese authorities?”
On 22 January 2021, Justice Commissioner Didier Reynders responded on behalf of the European Commission stating: “The Commission is aware of media reports related to the collection by Zhenhua Data Company of personal information about a large number of individuals. It has no information whether the Chinese government might be using this database for surveillance.
In case the General Data Protection Regulation (GDPR) rules apply to this collection, the company must in principle appoint a representative in the EU which can be addressed in addition to or instead of the company by, in particular, the independent EU data protection authorities (DPAs).
The DPA can address corrective measures to or impose administrative fines on the company to the representative. The Commission has stressed that, ‘[w]here [foreign] operators fail to meet their obligation to appoint a representative, supervisory authorities should make use of the full enforcement toolbox in Article 58 of the GDPR (e.g. public warnings, temporary or definitive bans on processing in the EU, etc.)’.
Article 5 of the ePrivacy Directive ensures the confidentiality of communications and the integrity of users’ terminal equipment.
While Member States’ national authorities are responsible for monitoring the application of the GDPR and ePrivacy Directive, the Commission shares the view on the importance of appropriate handling of personal data of European citizens in line with the GDPR.”
Photo Credit : https://pixabay.com/photos/regulation-gdpr-data-protection-3246979/