China has passed its new Personal Information Protection Law (PIPL) which seeks to tighten up the rules around data collection, processing, and protection, according to a CNBC report. Companies operating in China will now be subject to tougher rules on how people’s information can be stored and used; it’s expected to have an especial impact on tech giants which process lots of data.
The final draft of the law has not been published yet but a previous draft said that data collectors must obtain consent to collect data and users can withdraw their consent at any time. Companies will also not be allowed to deny services to users if they refuse to consent to the data collection rules unless that data collection is necessary for the functioning of the product or service.
The law also makes it more difficult for companies to transfer Chinese citizens’ data outside the country as companies have to abide by more ambitious requirements. Any company that is found to be breaking the rules risks being hit with a fine.
The importance of giving users more control over their data has come to the fore in recent years. The most notable data protection law to come into force in recent years is the European Union’s General Data Protection Regulation (GDPR). Similar laws were introduced in other areas including California.
In terms of the action we could see the Chinese taking against companies flouting the rules, we only need look to Didi Chuxing which went public in the U.S. in July. The Chinese government swiftly banned the platform from signing up new members and it was removed from Chinese app stores after it was alleged it has illegally collected user data.