China passes sweeping new privacy law, giving it one of world’s strictest data protection schemes

The Personal Information Protection Law has strict guidelines for tech companies on how protecting citizens’ online data

Anuj Pant
Friday 20 August 2021 11:43 EDT
Comments
File: Tech companies in China have been facing the heat from the country’s regulators
File: Tech companies in China have been facing the heat from the country’s regulators (AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

China is ramping up efforts to ensure tech companies fall in line with the government’s goals to shape the internet’s future in the country.

The latest push by the Chinese government has come after its legislature passed the Personal Information Protection Law (PIPL) on Friday, paving the way for its implementation in November.

The law is ostensibly designed to ensure the protection of citizens’ online data gathered by tech companies and has strict guidelines, making it one of the toughest laws protecting personal data in the world.

It adds compliance requirements for the companies to gather and ensure better, more secure storage for user data, after several complaints of mismanagement and accusations of privacy violations.

The law tells tech companies they must have a clear purpose to store data and would be limited to the “minimum scope necessary to achieve the goals of handling” such data.

Conditions for which companies can collect personal data, including those for obtaining individual consent, have been mentioned in the law, reported Reuters.

It also describes “handlers” of the personal information or individuals who will be charged with the protection of the data and will be required to conduct audits to ensure compliance, according to Reuters.

The law will also curb what information tech firms can gather and sets standards for the storage of such data, according to the Associated Press (AP).

The second draft of the law was released in April this year. It’s full text, or the form in which it was passed by the legislature, however, is yet to be released.

The National People’s Congress, in an op-ed for state media outlet People’s Court Daily, praised the new law, and called for entities to use algorithms for “personalised decision making”, including recommendations to first obtain user consent.

“Personalisation is the result of a user’s choice, and true personalised recommendations must ensure the user’s freedom to choose, without compulsion,” the op-ed said, according to Reuters.

The law has also been compared to the European Union’s landmark General Data Protection Regulation (GDPR), which regulates the handling of personal data.

While on face value, PIPL aims to protect an individual’s freedom to choose, the law, along with an earlier Data Security Law, in reality aims to consolidate China’s efforts in stepping up regulation in the country’s tech sector.

The Data Security Law sets up a framework for companies to classify data based on its economic value and relevance to China’s national security and is set to come into effect in September.

Many experts believe the laws are the result of mounting concern in Beijing over the increased power of tech companies over the government.

PIPL, according to AP, neglects the mention of any limits to the information the government or the ruling Communist party can access.

The party has been accused of using data gathered on Uighurs and other Muslim ethnic minorities in the country.

Other concerns that emerge from the passing of the law mostly come from the tech industry, against which the government has steadily been increasing the heat by stepping up oversight.

Didi, the country’s ride-hailing giant, was forced to stop signing up new users and was removed from Chinese app stores just days after it launched a $4.4 billion initial public offering in the US.

The government’s Cyberspace Administration of China announced it would launch an investigation into the allegedly illegal collection of user data by Didi.

Similarly, the country’s State Administration for Market Regulation passed a number of rules on Tuesday that banned practices such as fake online reviews.

E-commerce giant Alibaba, in April, was fined $2.8 billion for anticompetitive practices.

The government in August said online education companies will not be allowed to receive foreign investment and could not operate as for-profit organisations, reported AP.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in