China has passed a sweeping data protection law that is set to impose strict control measures on the private sector’s handling of personal data, building on an already expansive crackdown on the country’s tech sector that has rattled global stock markets.
The personal information protection law, passed through the Chinese Communist Party’s ceremonial legislature on Aug. 20, will require organizations and individuals to have a clear and reasonable purpose to “collect, use, process, transfer, trade, provide, or publicize other people’s personal information,” according to the text released by the National People’s Congress. It also requires companies to obtain individuals’ consent before collecting their personal data.
The law, to take effect on Nov. 1, also lays out strict requirements for exporting data of Chinese users outside of the country. Handlers of personal information must store the collected data locally and obtain consent from Chinese authorities before it takes any information overseas, it said.
The law also prohibits the handing over of personal data to foreign judicial and law enforcement authorities. In addition, foreign individuals and companies engaging in data mining that could harm China’s national security or public interests could be denied access to personal data and their names will be announced in public, according to the law.
The law’s passage followed a months-long regulatory crackdown on an array of tech companies, including those in the fields of e-commerce, personal finance, social media, gaming, and education.
News of the new data protection law tanked shares in e-commerce giant Alibaba by 2.6 percent in Hong Kong. Chinese online grocer Pinduoduo sank 1.2% in pre-market trading on the U.S.-based Nasdaq.
The law has drawn comparisons to the EU’s General Data Protection Regulation, a comprehensive framework designed to give European citizens more control over their data. The Chinese version, however, placed no limits on the ruling regime’s pervasive access to corporate data and surveillance on its citizens.
Hua Po, a China affairs analyst based in Beijing, said that the term “data protection” was only a pretext for the authorities to strengthen their control in the virtual sphere.
The regime is growing nervous about the amount of power being wielded by tech firms, Hua said, so it wants to take all the data from the private businesses into its own hands.
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish