China has passed legislation that establishes stricter controls for how corporations handle user data, advancing its campaign to limit the dominance of big tech.
In a report on Friday, China Central Television said that the Legislature of Asian Nations approved The Personal Information Protection Law.
As such, no details of the new legislation are available, but previous proposals required companies to obtain user approval before collecting, using or sharing information, as well as providing an opt-out mechanism. Companies found in violation of the regulations face fines of up to 50 million yuan (S$10.5 million) or 5% of their yearly sales.
President Xi Jinping has been clamping down on China’s most prominent digital companies, such as Alibaba Group Holdings, Tencent Holdings, and Didi Global, in order to maintain the country’s hegemony. Consumers are concerned about the slow loss of their privacy as tech companies make fast improvements in the use of tools such as face recognition and big data, and the government is taking steps to address this concern.
In June, the Chinese government enacted legislation giving Mr. Xi the authority to shut down or punish digital companies that obstruct his efforts to control huge swaths of data they generate. The changes come as some US legislators call for the breakup of Internet behemoths like Facebook and Alphabet, while European authorities prioritize antitrust enforcement and data protection for consumers.
That law, which takes effect on September 1, will also aid China’s government in its efforts to become the world’s second-largest economy and a big data leader. Beijing has been pouring money into data centers and other digital infrastructure in order to increase the legitimacy of the ruling Communist Party by transforming electronic information into a national economic engine. The new rule threatens to further encircle China’s digital behemoths, who are already subjected to a tangle of laws controlling everything from how they make agreements and price services to how they manage the massive quantities of data collected on a daily basis. Along with the previous law, the privacy restrictions have the potential to severely limit the number of online commerce firms that rely on individualized data to target customers and sell their products.
“Data localization requirements are not new or unique to China, but in terms of practical impact for companies here, there is no question that ‘letter of the law’ compliance is more cumbersome now than before,” said Mr. Nathaniel Rushforth, cybersecurity and data counsel at DaWo Law Firm Shanghai.
“We should expect to see more frequent and substantial enforcement actions against all companies in China,” he said.
According to draughts of the most recent personal data regulation, corporations must retain user-profiles and applications must offer suggestions. Mr. Zang Tiewei, a spokesperson for a legislative panel, told a news conference in Beijing last week that any judgments made automatically in the apps must be “fair and just.”
They also imposed limitations on the movement of personal data across borders and mandated that any sensitive data be kept in China.