China passes robust legislation on data protection
China on Friday passed a new legislation to curb and regulate online data collection by private companies, official media reported
China on Friday passed a new legislation to curb and regulate online data collection by private companies, official media reported.
The Personal Information Protection Law (PIPL), the first such law in China, was passed by China’s rubber-stamp Parliament, the National People’s Congress and will be implemented by November 1.
The passage of the law comes in the backdrop of increasing scrutiny of tech giants such as Alibaba and Tencent and taxi hailing company, Didi, by the Chinese government.
The law prohibits “illegally collecting, using, processing, transmitting, disclosing and trading people’s personal information”, according to the official news agency, Xinhua.
The new law stipulates that individual consent should be obtained when processing sensitive personal information such as biometrics, medical and health, financial accounts, and whereabouts of the individual.
“When pushing information and business marketing to individuals through automated decision-making, personal information processors should provide options that don’t target personal characteristics at the same time, or offer ways of rejection,” says the law.
The law also requires suspension or termination of services for apps that illegally process personal data, according to Xinhua.
It also calls for handlers of personal information to designate an individual in charge of personal information protection and conduct periodic audits to ensure compliance with the law.
Along with Cyber Security Law and the Data Security Law, the PIPL will create a “…comprehensive legal framework to regulate businesses’ collection, storage and use of personal data and their handling of key data concerning national security, and strengthen the current protection regime,” the tabloid, Global Times reported.
Compared with the West, China lags behind in the regulation of personal privacy based on a basic law like the Personal Information Protection Law, but has been quickly catching up in recent years, experts told the tabloid.
The new law resembles the world’s most robust framework for online privacy protections rolled out by Europe -- the General Data Protection Regulation, which came into effect on May 25, 2018.
