China passes significant data protection law
On Friday, China decided to pass a significant data protection law setting stricter rules on how companies gather and manage their users’ information.
The new rules continue Beijing’s tightening regulation, especially around data, which might impact the operations of China’s technology giants.
For the first time, PIPL – the Personal Information Protection presents a comprehensive collection of rules about data collection. It covers data processing and protection, that piecemeal legislation governed previously.
According to state media, on Friday, China’s legislature passed the PIPL after several drafts. However, China has not yet published the final version.
According to the previous draft, data collectors need to get user permission to obtain data, and users also can change that decision at any time. Companies are no longer allowed to refuse to provide services to users not agreeing to have their data collected, except when the company needs that data to provide that product or service.
There are also strict conditions for shifting Chinese citizens’ data outside China. According to Chinese law, companies violating these rules might be fined.
The PIPL applies after China’s regulatory scrutiny on technology companies increases. China increased its data management with the PIPL, besides its Cybersecurity Law and Data Security Law.
Beijing-based partner at Trivium China consultancy, Kendra Schaefer, said that the release of the PIPL makes changes to China’s foundational data governance regime and will lead to new regulations for tech companies.
Also, globally, there was a push to build better rules about data protection. GDPR of the European Union came into effect in 2018.
Beijing started to grow its concerns about the quantity of data companies are accumulating, especially on the internet.
This year, regulators decided to open a cybersecurity investigation for Didi. After that, one of China’s cyberspace regulators claimed that Didi illegally obtained users’ data.