China passes sweeping new privacy law, giving it one of world’s strictest data protection schemes

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

China is ramping up efforts to ensure tech companies fall in line with the government’s goals to shape the internet’s future in the country.

The latest push by the Chinese government has come after its legislature passed the Personal Information Protection Law (PIPL) on Friday, paving the way for its implementation in November.

The law is ostensibly designed to ensure the protection of citizens’ online data gathered by tech companies and has strict guidelines, making it one of the toughest laws protecting personal data in the world.

It adds compliance requirements for the companies to gather and ensure better, more secure storage for user data, after several complaints of mismanagement and accusations of privacy violations.

The law tells tech companies they must have a clear purpose to store data and would be limited to the “minimum scope necessary to achieve the goals of handling” such data.

Conditions for which companies can collect personal data, including those for obtaining individual consent, have been mentioned in the law, reported Reuters.

It also describes “handlers” of the personal information or individuals who will be charged with the protection of the data and will be required to conduct audits to ensure compliance, according to Reuters.

The law will also curb what information tech firms can gather and sets standards for the storage of such data, according to the Associated Press (AP).

The second draft of the law was released in April this year. It’s full text, or the form in which it was passed by the legislature, however, is yet to be released.

The National People’s Congress, in an op-ed for state media outlet People’s Court Daily, praised the new law, and called for entities to use algorithms for “personalised decision making”, including recommendations to first obtain user consent.

“Personalisation is the result of a user’s choice, and true personalised recommendations must ensure the user’s freedom to choose, without compulsion,” the op-ed said, according to Reuters.

The law has also been compared to the European Union’s landmark General Data Protection Regulation (GDPR), which regulates the handling of personal data.

While on face value, PIPL aims to protect an individual’s freedom to choose, the law, along with an earlier Data Security Law, in reality aims to consolidate China’s efforts in stepping up regulation in the country’s tech sector.

The Data Security Law sets up a framework for companies to classify data based on its economic value and relevance to China’s national security and is set to come into effect in September.

Many experts believe the laws are the result of mounting concern in Beijing over the increased power of tech companies over the government.

PIPL, according to AP, neglects the mention of any limits to the information the government or the ruling Communist party can access.

The party has been accused of using data gathered on Uighurs and other Muslim ethnic minorities in the country.

Other concerns that emerge from the passing of the law mostly come from the tech industry, against which the government has steadily been increasing the heat by stepping up oversight.

Didi, the country’s ride-hailing giant, was forced to stop signing up new users and was removed from Chinese app stores just days after it launched a $4.4 billion initial public offering in the US.

The government’s Cyberspace Administration of China announced it would launch an investigation into the allegedly illegal collection of user data by Didi.

Similarly, the country’s State Administration for Market Regulation passed a number of rules on Tuesday that banned practices such as fake online reviews.

E-commerce giant Alibaba, in April, was fined $2.8 billion for anticompetitive practices.

The government in August said online education companies will not be allowed to receive foreign investment and could not operate as for-profit organisations, reported AP.