Welcome to Francis Academic Press

Academic Journal of Computing & Information Science, 2022, 5(14); doi: 10.25236/AJCIS.2022.051412.

On Data Security Protection Obligations of Internet Service Providers


Lu Dingliang1, Shan Yifei2

Corresponding Author:
Lu Dingliang

1Law School, Beijing Normal University, Beijing, China

2Hillary Rodham Clinton School of Law, Swansea University, Swansea Wales, the United Kingdom


Multiple legal departments must coordinate for internet service providers to meet their data security protection duties. The data security requirement of ISPs necessitates the coordination of multiple legal entities. Observing the data protection obligations of Internet service providers through the lens of a single legal department or a single regulatory regulation is skewed. A better strategy is to concentrate on the issue at hand and to think broadly. By constructing a comprehensive and multi-level data security protection obligation system for Internet service providers based on the "behavior-consequence" model, it is possible to realize the conceptualization and systematization of norms and develop a comprehensive picture of data security. The normative framework of data security protection for ISPs must be constructed using abstract notions, legal principles, and external systems. The "rule-principle" style of legal system construction enables the synchronization of formal and substantive justice, as well as stability and correctness. The normative framework focusing on data security protection is favourable to Internet service provider compliance governance. Effective compliance governance can make ISPs more attentive to the use and security of data.


ISPs; data security; logic structure of legal norm; system constructure; compliance regulation

Cite This Paper

Lu Dingliang, Shan Yifei. On Data Security Protection Obligations of Internet Service Providers. Academic Journal of Computing & Information Science (2022), Vol. 5, Issue 14: 72-81. https://doi.org/10.25236/AJCIS.2022.051412.


[1] Zhang Linghan (2021), "The Platform's Data Security Obligations under the Data Production Theory", in Law Forum, No. 2, p 49.

[2] Data protection responsibility of the controller under Chapter 4 of the EU General Data Protection Regulation 

[3] Please refer to Shenjin v. Alipay (China) Network Technology Co., Ltd, etc., Civil Judgment of Beijing Chaoyang District People's Court. [2018] Beijing 0105 civil case No. 36658.

[4] Zhang Xiaojun (2020), "A Model and Reference for Rule Construction of Data Sovereignty — On Rule Construction of Data Sovereignty in China", Modern Jurisprudence, No.6, pp. 137-138.

[5] Xie Hongfei (2018), "The External System Benefits of Civil Code and Its Expansion", Global Law Review, No. 2, p.30.

[6] Lei Lei (2016), "Legal System, Legal Methods and the Rule of Law", China University of Political Science and Law Press, pp.55-57.

[7] Medicus, Dieter, "The Foundations of the Right of Claim", translated by Chen Weizuo, Tian Shiyong, Wang Hongliang and Zhang Shuanggen(2012), Law Press, p.16.

[8] Kripke, "Naming and Necessity", translated by Mei Wen, edited by Tu Jiliang and Zhu Shuilin(2002), Shanghai Translation Press, p.29.

[9] Fang Weigui (2020), "What is Conceptual History", Life · Reading · Xinzhi Sanlian Bookstore (preface), pp. 3.

[10] Zhu Zhen(2016), "A Conceptual Analysis of Analytical Jurisprudence", Legal System and Social Development, No. 1, p.146.

[11] Item 3, Article 76 of the PRC Cybersecurity Law, promulgated by the National Peoples’ Congress, PRC.

[12] There is a view that the core concept of the CyberSecurity Law is "cyberspace security." For details, see Shou Bu(2017), "An Analysis of Some Basic Concepts of the CyberSecurity Law," in Technology and Law, No. 4, pp. 6-8.

[13] Kelsen, Hans(2013), "The General Theory of Law and the State", translated by Shen Zongling, Commercial Press, p. 31.

[14] Article 7 of the CyberSecurity Review Measures, jointly issued by Cyberspace Administration, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security of and Ministry of State Security, etc, PRC .

[15] Ferdinand de Saussure(2011), "Manuscripts in General Linguistics, organized and edited by Simon Bouquet and Rudolf Engler", translated by Yu Xiuying, Nanjing University Edition, pp.53-54.

[16] Modern Chinese Dictionary (2016)edited by the Dictionary Editorial Office of the Institute of Language, Chinese Academy of Social Sciences, The Commercial Press, p.1216, p.1437, p.1461.

[17] Jiang Yongzhuo(2014), "Differing Language": A Reconsideration of Derrida's Criticism of Saussure, "in Foreign Language Journal, No. 6, p. 4.

[18] Article 38 of the Data Security Law, promulgated by the National People’s Congress, PRC

[19] C. E. Shannon(1948), "A Mathematical Theory of Communication", The Bell System Technical Journal, No.27, p.389.

[20] Item (1) of Article 2 of the Regulations of Shenzhen Special Economic Zone on Data, promulgated by the Shenzhen Municipal People's Congress, PRC .

[21] Cheng Xiao(2018), "On Personal Data Rights in the Era of Big Data," Chinese Social Science,No 3 , pp.105-106.

[22] Ji Hailong, "Private Law Position and Protection of Data," Chinese Journal of Law, 6 (2018), pp.73-76.

[23] Mei Xiaying(2020), "The Legal Significance of Distinguishing the Concepts of Information and Data," Comparative Law Studies, No.6, pp.155-159.

[24] Peng Chengxin and Xiang Qin(2019), "The Private Law Definition of" Information "and" Data ", in Henan Social Science, No. 11, pp. 30-35.

[25] Liu Deliang(2014), "The Distinction and Significance between the Object of Right and the Object of Right in Civil Law", Jinan Journal (Philosophy and Social Sciences), No.9,  p.8.

[26] Wang Qinghua(2021), "The Right Structure, Legal Effect and Chinization of Data Portability Right", China Law Review, No.3, p.191.

[27] Shi Dan(2018), "A Study on Data Ownership and Its Protection Path in the Era of Big Data," in Journal of Xi 'an Jiaotong University (Social Sciences), No. 3, pp.79-81. 

[28] Zhang Xiaojun (2020), "The Model and Reference of Data Sovereignty Rule Construction —Also on the Rule Construction of Data Sovereignty in China", Modern Law, No.6, p. 137.

[29] Shu Guoying (2019),  "Introduction to Jurisprudence", Peking University Press, pp. 113-114.

[30] Alexi (2012), "Law: Institutionalization as Rationality", translated by Lei Lei, China Legal Publishing House,  pp. 136-138.

[31] Liu Quan (2021), "Dispute and Reflection on the Application of the Principle of Proportionality," in Comparative Law Research, No.5, pp. 177-180.

[32] Dworkin, Ronald. "Justice in the Robe", translated by Zhou Lingang and Zhai Zhiyong, Beijing University Press, 2014, p. 167.

[33] Ji Weidong (2018), "A Multidimensional Perspective on the Right to Data Protection", Politics and Law, 10. 2021, p.11.

[34] Shi Jichun and Deng Feng (2001), "Economic Law: An Introduction", Law Press,No.2,  p.158.

[35] Shen Zongling (2014), "Jurisprudence", Peking University Press, p.28.

[36] Article 1198 of the Civil Code, promulgated by the National People’s Congress, PRC.

[37] Wang Siyuan (2017), "On the Security Obligation of Network Operators," in Contemporary Law, No. 1, p.32.

[38] Leading Group for the Implementation of the Civil Code of the Supreme People's Court, ed. "Understanding and Application of Tort Liability Part of the Civil Code of the People's Republic of China", People's Court Publishing House(2020), pp.284-287.

[39] Article 286 of the Criminal Law, promulgated by the National People’s Congress, PRC.

[40] Articles 21, 22, 24, 25, 28, 37, 40, 41, 42, 47 and 49 of the Cybersecurity Law,PRC.

[41] Refer to the tort liability dispute between Li Zhong v. Wuhan Guanggu Sub-branch of China Merchants Bank Co., Ltd. and Wuhan Branch of China Mobile Communications Group Hubei Co., Ltd., the civil judgment of second instance issued by Wuhan Intermediate People's Court of Hubei Province, Hubei 01 civil case [2019] No. 5119.

[42] For example, Article 9 of the PRC Cybersecurity Law, promulgated by the National Peoples’ Congress, PRC.