- GS-2: Policies and politics of developed and developing countries
China’s new data privacy laws and its impact
Context: China has recently passed a data protection law setting out tougher rules on how companies collect and handle their users’ information.
- The Personal Information Protection Law (PIPL) lays out for the first time a comprehensive set of rules around data collection, processing and protection, that were previously governed by piecemeal legislation.
- The law will take effect on November 1, 2021. The full text of the final version hasn’t yet been released.
Recent actions by Chinese on tech companies
- China’s market regulator had also slapped fines on Internet-based platform company Tencent and asked its affiliated companies to relinquish exclusive rights to music labels.
- Beijing’s cyber security agency had launched a probe into ride-hailing group Didi Chuxing days after it raised more than $4 billion in a New York initial public offering in June 2021.
- The Cyberspace Administration of China had asked Didi to stop accepting new user registrations saying that the app “has serious violations of laws and regulations pertaining to the collection of personal information”.
- Tens of thousands of consumers had complained about having to pay more for hailing a taxi using an iPhone than a cheaper mobile phone model or for tickets if they are profiled as a business traveller
What is China’s new data protection law (PIPL) all about?
- Under the new rules passed by China’s top legislative body, state and private entities handling personal information will be required to reduce data collection and obtain user consent.
- The Chinese state security apparatus will maintain access to swathes of personal data, however.
- The law also aims to protect those who feel strongly about personal data being used for user profiling or the use of big data in setting [unfair] prices.
- It will also prevent companies from setting different prices for the same service based on clients’ shopping history.
- China Consumers Association had stated that the consumers are being squeezed by data algorithms and becoming the targets of technical bullying.
- More so, the law stipulates that the personal data of Chinese nationals cannot be transferred to countries with lower standards of data security than China — rules which may present problems for foreign businesses.
- Companies that fail to comply can face fines to the tune of up to 50 million yuan (around Rs 57 crore) or five per cent of their annual turnover.
- The law says sensitive personal data includes information which if leaked can lead to “discrimination… or seriously threaten the safety of individuals” including race, ethnicity, religion, biometric data or a person’s whereabouts.
Impact of new law on the tech industry
- Experts believe that the policy is unlikely to limit the state’s widespread use of surveillance. Beijing has long been accused of harnessing big tech to accelerate repression in the northwestern Xinjiang province and elsewhere.
- The new rules add to Beijing’s tightening of regulation, particularly around data, which could impact the way China’s technology giants operate.
- Tencent, the owner of the popular WeChat messaging app, has warned that further regulations could be coming for the technology industry.
- The greatest fallout of China notifying the law was that the stocks of the big tech companies of the country suffered a major slump, prompting renewed concerns among investors.
- The national privacy law closely resembles Europe’s General Data Protection Regulation. However, unlike in Europe, where governments face more public pressure over data collection, Beijing is expected to maintain broad access to data.
Connecting the dots: