The People’s Republic of China had August 20, 2021 ratified a new data privacy law that will regulate how tech companies operate in the East Asian country.
The law, officially dubbed the Personal Information Protection Law of the People’s Republic of China (PIPL), will be the first national data privacy statute ever passed in the country.
The PIPL, a model of the ‘General Data Protection Regulation’ of the European Union has the capacity to foist protections and restrictions on China’s companies (inside and outside) collection of data and its transfer. The law will be majorly focused on applications that use personal information in targeting customers, offering them varying prices on products and services, thereby preventing the relay of personal info to other countries that have little security protection.
The enacted law, which will take effect on the 1st of November 2021, may be too short a notice as it does not give companies ample time to prepare for its take-off. But companies that have already followed the General Data Protection Regulation (GDPR), especially if they have implemented it extensively will find it seamless adapting and complying with the new China law. Other firms that have not implemented the GDPR will need to tow the same method.
Companies in the United States will also need to take into cognizance the new restrictions, in personal information transfer from China to the U.S.
We’ll take a look into the enacted PIPL law and its implication for tech firms:
Requirements for New data handling
The new law arguably institutes the most rigorous standards for the protection of data privacy throughout the universe as it has in its fore special requirements that relates to processing personal information by government agencies. The law chiefly relates to all information type, either recorded electronically or by other means, related to identifiable or identifiable natural persons, excluding anonymous information.
Here are some of the major requirements for handling people’s personal information in China that will affect tech businesses:
The Chinese law Extra-territorial application
China’s regulations have in the past been only applicable to activities outside the country but the PIPL is akin to applying the law to personal information handling in the Chinese borders. But similar to the GDPR it models, the PIPL application also expands to personal information handling outside China provided the following information are met:
Where the purpose is to provide products or services to people inside China.
Where analysing or assessing activities of people inside China.
Other circumstances provided in laws or administrative regulations.
For instance, a U.S.-based company selling products to consumers in China may be subjected to the China data privacy law even if they do not have a facility or operations there.
The principles of Data handling
The Personal Information Protection Law in hindsight introduces transparency, purpose and minimization of data. Personal information can be collected by companies for distinguished, clear, reasonable and disclosed purposes, with the data retained only for the period in use. Recipients or handlers of such information will be also be required to ensure accuracy and completeness of the data in his/her care to forestall negative impacts on personal rights and interests of the owners of the information data.
It is hoped that the new law will adequately address privacy concerns of citizens of the East Asian country, while we also look forward to the legislation of data protection laws in other countries. User data must be safe and in trust!
Ayoola Faseyi, an Abuja based Journalist with interest in Technology and Politics. He is a versatile writer with articles in many renowned News Journals.
He is the Co-Founder of media brand, The Vent Republic.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
