China passes new personal data privacy law, to take effect Nov. 1
[August 20, 2021]
By Josh Horwitz
SHANGHAI (Reuters) - China's National
People's Congress on Friday passed a law designed to protect online user
data privacy and will implement the policy from Nov. 1, according to
state media outlet Xinhua.
The law's passage completes another pillar in the country's efforts to
regulate cyberspace and is expected to add more compliance requirements
for companies in the country.
China has instructed its tech giants to ensure more secure storage of
user data, amid public complaints about mismanagement and misuse which
have resulted in user privacy violations.
The law states that handling of personal information must have a clear and
reasonable purpose and shall be limited to the "minimum scope necessary
to achieve the goals of handling" data.
It also lays out conditions under which companies can collect personal
data, including obtaining an individual's consent, as well as laying out
guidelines for ensuring data protection when data is transferred outside
the country.
The law further calls for handlers of personal information to designate
an individual in charge of personal information protection, and for
handlers to conduct periodic audits to ensure compliance with the law.
The second draft of the Personal Information Protection Law was released
publicly in late April.
The Personal Information Protection Law, along with the Data Security
Law, mark two major regulations set to govern China's internet in the
future.
The Data Security Law, to be implemented on Sept. 1, sets a framework
for companies to classify data based on its economic value and relevance
to China's national security.
The Personal Information Protection Law, meanwhile, recalls Europe's
GDPR in setting a framework to ensure user privacy.
Both laws will require companies in China to examine their data storage
and processing practices to ensure they are compliant, according to
experts.
RATTLED COMPANIES
The laws arrive amid a broader regulatory tightening on industry from
Chinese regulators, which has rattled companies large and small.
The Chinese national flag is seen in Beijing, China April 29, 2020.
REUTERS/Thomas Peter
In July, the Cyberspace Administration of China (CAC),
the country's top cyberspace regulator, announced it would launch an
investigation into Chinese ride-hailing giant Didi Global Inc for
allegedly violating user privacy.
On Tuesday, China's State Administration for Market Regulation (SAMR)
passed a sweeping set of rules aimed at improving fair competition,
banning practices such as fake online reviews.
In January, the government-backed China Consumers Association issued
a statement criticizing tech companies for "bullying" consumers into
making purchases and promotions.
Since then, regulators have routinely reprimanded companies and apps
for violating user privacy.
On Wednesday, the Ministry of Industry and Information Technology
accused 43 apps of illegally transferring user data and called on
them to make rectifications before Aug. 24.
On the same day as Xinhua's announcement of the data privacy law's
passage, the National People's Congress published an op-ed from
state media outlet People's Court Daily praising the legislation. It
called for entities that use algorithms for "personalized decision
making" such as recommendations to first obtain user consent.
"Personalization is the result of a user's choice, and true
personalized recommendations must ensure the user's freedom to
choose, without compulsion," the op-ed read.
"Therefore, users must be given the right to not make use of
personalized recommendation functions."
(Reporting by Josh Horwitz; Editing by Michael Perry and Mark
Heinrich)
[© 2021 Thomson Reuters. All rights
reserved.] This material may not be published,
broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.