Menu Close

What is China’s new data privacy law about?

NEW DELHI: In a bid to tighten control over how companies — particularly tech giants — collect and handle their users’ information, China passed the Personal Information Protection Law (PIPL).

The law, which takes effect November 1, follows complaints that companies misused or sold customers’ data without their knowledge or permission, leading to fraud or unfair practices such as charging higher prices to some users.

Law and behold

* While the exact contours of the new law are as yet unknown, since the final draft has not been published, a previous version specified that companies will need consent from their users to collect personal data, with the user having the right to cancel that consent at any time.

* Additionally, companies can not refuse to provide their services to such users who deny consent for collection of personal data — unless that data is required for providing that product or service.

* The law also lays out guidelines for data protection when it is transferred out of the country and makes it mandatory for companies to not only designate an individual in charge of personal information but also conduct periodic audits that the law is being complied with.

* Failure to meet any of the provisions will result in hefty fines.

Twin tango

* The PIPL, which takes off from Europe’s General Data Protection Regulation (GDPR) that came into effect in 2018, together with the Data Security Law (DSL) which will be implemented from September 1, is expected to force companies to re-evaluate their data storage and processing practices. DSL tasks companies with segregating data based on its economic value and relevance to China’s national security.

* The laws arrive amidst tightening control by Chinese regulators over its industry and how it uses users’ data, prompted by public complaints about user privacy violations.

* Last month for instance, the country’s cyberspace regulator, Cyberspace Administration of China (CAC), announced that it will open a probe in the country’s ride-hailing app, Didi, which has been accused of violating users’ privacy. The company was forced to stop signing new users and its app removed from Chinese app stores.

Article: What is China’s new data privacy law all about?

Leave a Reply

Your email address will not be published. Required fields are marked *