What is China’s new data privacy law?

A ridesharing app, Didi was accused of violating users’ privacy last month, prompting authorities to launch an investigation. (Representative image)

NEW DELHI: In an effort to tighten control over how companies – especially tech giants – collect and process their users’ information, China has passed the Personal Information Protection Act (PIPL).
The law, which comes into force on November 1, follows complaints that companies have misused or sold customer data without their knowledge or permission, resulting in fraud or unfair practices such as the imposition of prices. higher to some users.
Law and here is
* While the exact contours of the new law are still unknown, since the final draft has not been published, a previous version specified that companies will need the consent of their users to collect personal data, the user having the right right to withdraw this consent at any time.
* In addition, companies cannot refuse to provide their services to those users who refuse their consent to the collection of personal data, unless such data is necessary to provide that product or service.
* The law also sets out guidelines for protecting data when it is transferred out of the country and requires companies not only to designate a person in charge of personal information, but also to perform periodic audits to verify that the law is respected.
* Failure to comply with any of the provisions will result in heavy fines.
Twin tango
* The PIPL, which stems from the European General Data Protection Regulation (GDPR) which entered into force in 2018, as well as the Data Security Act (DSL) which will be implemented from September 1, should oblige companies to re-evaluate their data storage and processing practices. DSL directs companies to separate data based on its economic value and relevance to China’s national security.
* The laws come amid increased scrutiny by Chinese regulators over its industry and how it uses user data, prompted by public complaints about violations of user privacy.
* Last month, for example, the country’s cyberspace regulator, the Cyberspace Administration of China (CAC), announced it would open an investigation into the country’s ridesharing app, Didi, which has been accused of having violated the privacy of users. The company was forced to stop signing new users, and its app was removed from Chinese app stores.