According to state-run news agency Xinhua, China’s National People’s Congress enacted a law on Friday to protect internet user data privacy, which will go into effect on November 1. The bill’s adoption completes another pillar in the nation’s attempts to control cyberspace, and it is likely to increase compliance requirements for businesses in the country.
In the wake of public outcry over data mishandling and misuse that has resulted in user privacy violations, China has issued instructions to its tech titans to guarantee more safe storage of customer data. Personal information handling must have a clear and legitimate aim, according to the law, and must be restricted to the “minimum scope necessary to accomplish the purposes of dealing” data.
It also lays out the criteria under which businesses can acquire personal data, such as getting an individual’s consent and standards for maintaining data security when data is moved outside the nation. The legislation also requires personal information controllers to appoint a person to be in charge of personal information protection and perform periodic audits to verify compliance with the law.
Read also: OnePlus 9 RT is launching in October in India, China: Report
In late April, the second draught of the Personal Information Protection Act was made public. The Data Security Law and the Personal Information Protection Law are two important rules that will regulate China’s internet in the future. The Data Security Law, which will affect on September 1, establishes a framework for businesses to classify data based on its economic worth and importance to China’s national security. Meanwhile, like the GDPR in Europe, the Personal Information Protection Law establishes a framework to protect user privacy.
According to analysts, these regulations would compel Chinese firms to evaluate their data storage and processing procedures to guarantee compliance. The regulations come as part of a larger regulatory crackdown on the industry by Chinese officials, which has alarmed large and small businesses. In July, China’s main internet regulator, the Cyberspace Administration of China (CAC), said that it would investigate Chinese ride-hailing company Didi Global Inc for allegedly violating customer privacy. China’s State Administration for Market Regulation (SAMR) enacted sweeping new regulations on Tuesday to enhance fair competition and prohibiting tactics like false internet reviews.
Read also: Apple won’t let you engrave certain keywords on iPhones in China
In January, the government-backed China Consumers Association published a statement condemning digital businesses for “bullying” customers into purchases and promotions. Regulators have frequently penalised firms and apps for infringing on users’ privacy since then. China’s Ministry of Industry and Information Technology accused 43 applications of unlawfully transmitting user data on Wednesday and demanded that they correct the problem by August 24.
