China: New data protection law similar to European one27. August 2021
China: New data protection law similar to European one
Shanghai, Aug. 27, 2021
China’s lawmakers have passed a national data protection law that restricts data collection by technology companies. The Personal Information Protection Law (PIPL) was passed Friday at a meeting of the Standing Committee of the National People’s Congress, marking a new era in the history of China’s Internet. It has similarities to the European General Data Protection Regulation (GDPR).
The law requires organizations handling Chinese citizens’ data to obtain consent and minimize the data they collect.
However, according to experts, Beijing may be able to control how the collected data was used.
The PIPL also requires facial recognition cameras in public places to be labeled as such and used only for security purposes. Another facet of the law concerns algorithmic discrimination. Automated decision-making about advertising based on user data must be transparent, and companies must allow individuals to opt out of personalized advertising.
Violations of the law can result in a fine of up to $7.7 million or up to 5% of the company’s business revenue in the previous year. Another part of the law provides that foreign data companies that endanger China’s national security or harm the public interest can be blacklisted.
The entire law will come into effect on November 1.