On 12 January 2010, Google Inc. created headline news by announcing its concerns about "having to shut down its Chinese internet sites" and, potentially, its operations in China. By making such an announcement, Google raised the attention of the world to the challenges it (and all other internet operators) encounters while doing business in China - censorship and protection of data privacy being the first in line.

But as some commentators put it in the press, data privacy is much more important than censorship in the "Google case" because loss of trust in Google's protection of personal data would have cataclysmic effects on its business.

In brief, in China no law or regulation establishes the right to privacy as a civil right per se. However, Chinese laws do to a limited extent implicitly cover the right to privacy under the protection of personal dignity and the right of reputation. Administrative (fine, withdrawal of operational licences, etc.), civil (public apology, rehabilitation, damages, etc.) and criminal (imprisonment, fine) sanctions can be applied in the event of unlawful access to other people's personal data with varying degrees of success.

At the same time, virtually all regulations referring to the right to privacy authorize monitoring, surveillance and control of prohibited content, information and messages (such content being vaguely defined and can vary from time to time) by the Chinese government.

In this context the frontier between data privacy and monitoring by the Chinese government can be extremely uncertain. From a practical point of view, Google in China (and other internet content providers) has to protect the confidentiality of personal data of online subscribers from unlawful/unauthorized disclosure, and establish and keep server security whilst at the same time identifying prohibited content, keeping records on it and reporting it to the authorities.

Unfortunately for Google, Chinese legal remedies available to protect its own interests before Chinese tribunals are extremely limited. If Chinese hackers attack Google, various remedies can be pursued from civil (for the infringement of intellectual property rights, breach of contracts, loss of profit, damage of reputation and credibility, etc.), criminal (in severe cases) and administrative (for offences not severe enough for criminal liabilities) perspectives. However, in practice, civil claims for damages against hackers by internet service/information providers are rarely successful/fruitful mainly due to the fact that most of (if not all) identified hacking attacks were initiated by individuals who are unable to remedy the (huge) economic losses incurred.

With such limited legal options to protect itself and its users from attacks coming from China, Google's announcement may also be seen as a rational answer to the risk of losing its corporate credibility and might be seeking for the Chinese government to take decisive legal action in this respect. It may be that the forthcoming Chinese Tort Liability Law set to come into effect on 1 July 2010 is a step in the right direction. This law expressly recognizes the right of privacy (still not defined), for the first time, independently among other civil rights and interests and establishes individual citizens’ right to sue infringers for damages for the infringement of privacy right. But perhaps of more local significance, the recent attack from hackers suffered by Baidu, the Chinese search engine champion, will raise the awareness of the Chinese government about both the data subject's and the corporate's commercial interest in protecting the personal data held by corporations.