China passes strict data privacy law protecting personal data


China’s top legislative body on Friday passed a new data privacy law that places limits on companies’ collection of personal user data, the latest action in the government’s ongoing efforts to tighten restrictions on tech giants operating in the country. 

China’s state-run Xinhua News Agency reported that the Standing Committee of China’s National People’s Congress approved the Personal Information Protection Law, which is expected to officially go into effect on Nov. 1, according to The Wall Street Journal

The China law, which is similar to the online privacy protection framework under Europe’s General Data Protection Regulation, states that companies must have a valid interest in obtaining personal information and that the use of the data should be restricted to the “minimum scope necessary to achieve the goals of handling” data, Reuters reported.

The law also requires companies to obtain an individual user’s consent to collect personal information, and also includes guidelines for how data is allowed to be transferred and handled outside of China.

The full text of the final version of the law was not released by the legislative committee on Friday, though a second draft was publicly released in April. 

The Journal reported that under the latest draft, facial recognition cameras used for security in urban residential compounds and other areas must only be used as a means of public security and must display alerts that can be clearly viewed by members of the public.

Potential punishments under the privacy law include fines of up to $7.7 million or up to 5 percent of a company’s income from the previous year, according to the Journal.

The Personal Information Protection Law comes as a second measure, the Data Security Law, is set to take effect on Sept. 1 and provides guidance for companies on how to categorize data based on factors like economic value and importance to China’s national security, according to Reuters.

The Chinese government in the past year has sought to increase restrictions and penalties on technology companies over allegations of online fraud, data theft and anti-competitive business practices.

Last month, China’s State Administration for Market Regulation announced that it had issued anti-monopoly fines against 22 internet companies, including six owned by Alibaba Group, five by Tencent Holding Ltd. and two by retailer Ltd.

Alibaba was previously hit in April with a nearly $2.8 billion fine following China’s completion of an investigation that found that Alibaba’s “exclusive dealing agreements” limited the sale of products on rival online platforms.

Tags China cybersecurity Data privacy Data security Reuters The Wall Street Journal

Most Popular

Load more


See all Video