China passes key data protection law as regulatory oversight increases
A Chinese mobile phone user in Shanghai. China has passed the Personal Information Protection Act (PIPL), which for the first time sets out a comprehensive set of rules regarding data collection.
Qi Yang | instant | Getty Images
GUANGZHOU, China – China passed a major data protection law on Friday setting out stricter rules for how companies collect and process their users’ information.
The rules come on top of Beijing’s tightening of regulations, especially around data, which could have an impact on how China’s tech giants operate.
The Personal Information Protection Act (PIPL) sets out for the first time a comprehensive set of rules regarding the collection, processing and protection of data, which were previously governed by fragmentary legislation.
After several bills, the PIPL was adopted by the Chinese parliament on Friday, according to official media. However, the final version of the law has yet to be released.
A previous bill stipulated that data collectors must obtain user consent to collect data and that users can withdraw that consent at any time. Companies that process data cannot refuse to provide services to users who do not agree to their data being collected, unless such data is necessary for the provision of that product or service.
There are also strict requirements for transferring the data of Chinese citizens outside the country.
Companies that break the rules can be fined.
Beijing intensifies its technical control
The PIPL comes as China’s regulatory control over the country’s tech companies intensifies. With the PIPL, along with the country’s cybersecurity law and data security law, China has tightened its data regulations.
“The publication of the PIPL completes the treble of China’s core data governance regime and will usher in a new era of data compliance for technology companies,” said Kendra Schaefer, Beijing-based partner at consultancy Trivium China.