China’s new data privacy rules and their ramifications

admin November 4, 2021
Updated 2021/11/05 at 6:11 AM

China recently enacted a data protection law that establishes stricter guidelines for how businesses acquire and use user data. For the first time, the Personal Information Protection Law (PIPL) establishes a complete set of regulations for data collection, processing, and protection, which had previously been controlled by piecemeal law. On November 1, 2021, the law will go into force. The final version’s complete text has yet to be revealed.

What is the purpose of China’s new data protection law (PIPL)?

State and commercial companies managing personal information will be forced to minimise data gathering and acquire user agreement under new regulations enacted by China’s highest legislative body. However, the Chinese state security apparatus will continue to have access to large amounts of personal data. The law also intends to safeguard people who are concerned about the use of personal data for user profiling or the use of big data to establish [unfair] pricing. It would also ban businesses from charging varying pricing for the same service depending on a customer’s previous purchases. Consumers are being squeezed by data analytics and are becoming targets of technical bullying, according to the China Consumers Association. Furthermore, the regulation states that Chinese citizens’ personal data cannot be transferred to nations with lesser data security requirements than China – restrictions that may cause issues for international firms. Companies that do not comply might face fines of up to 50 million yuan (about Rs 57 crore) or 5% of their yearly revenue. According to the legislation, sensitive personal data includes information such as colour, ethnicity, religion, biometric data, and a person’s location that, if disclosed, may lead to “discrimination… or significantly jeopardise the safety of persons.”

China’s recent moves against IT businesses

Tencent, the Internet-based platform business, was also fined by China’s market regulator, and its associated companies were required to cede exclusive rights to music labels. Days after raising more than $4 billion in a New York initial public offering in June 2021, Beijing’s cyber security agency started an investigation against Didi Chuxing, a ride-hailing company. Didi has been requested by China’s Cyberspace Administration to suspend accepting new user registrations, claiming that the app “violates serious rules and regulations related to the acquisition of personal information.” Thousands of customers have complained about having to pay more for calling a cab with an iPhone than with a less expensive phone model, or for tickets if they are classified as a business traveller.

The effect of the new law on the IT industry

Experts believe the legislation will have little impact on the government’s broad use of surveillance. Beijing has long been accused of using technology to speed up repression in the northwestern region of Xinjiang and elsewhere. The new restrictions are part of Beijing’s ongoing regulatory tightening, notably in the area of data, which might have an influence on how China’s digital behemoths operate. Tencent, the company behind the famous WeChat messaging programme, has warned that more rules for the technology industry may be on the way. The most significant consequence of China’s notification of the law was a significant drop in the stock prices of the country’s biggest internet companies, rekindling investor fears. The national privacy regulation is quite similar to the General Data Protection Regulation in Europe. Unlike in Europe, where governments are under more public pressure to gather data, Beijing is anticipated to preserve wide data access.

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published.