The need to protect privacy is widely recognized in China. In recent months, China reinforces the tendency of regulation in the field of misuse of consumers' information and violation of consumer rights. Today, August 20, China passed the Personal Information Protection Law (PIPL), which establishes a comprehensive set of rules regarding data collection. The new rules could impact the way China's technology giants operate. For a better understanding of the way the legislator intends to pass this law, let's turn to the previous legislative initiatives.
Thus, in October 2020, the first draft of the Personal Information Protection Law
(PIPL) was published for public comment. It is noteworthy that this bill:
- establishes vital principles for the processing and protection of personal data;
- extends the rules for the receipt, processing, and protection of personal data to any legal entity that processes data of Chinese citizens as part of the provision of services, including outside the country;
- regulates the issues of cross-border transfer of personal information from China, including procedures for informing and obtaining appropriate consent from citizens;
- introduces the obligation of operators to send notifications to data subjects, including information about the processing (operator data, data category, purpose, methods, storage periods);
- regulates the procedure for notification of data breaches, as well as the processing of personal information by government agencies;
- establishes the rights of data subjects to access, rectify, and object to processing or request the deletion of personal information in certain circumstances.
Thus, in the Chinese legislation, it is proposed to introduce the right to be forgotten for the first time. On April 29, 2021, China has submitted the second draft of the Personal Information Protection Law (PIPL). The updated draft includes more detailed requirements on what personal information Internet companies can collect from users and how they should process this data. In particular, the updated PIPL will require some companies to establish independent oversight bodies to ensure that user information is managed under the law.
In August 2021, China passed the third draft of the Personal Information Protection Law (PIPL). A final version of the act has not been published yet, but we can highlight the main points from the version submitted for discussion at the Standing Committee of the National People’s Congress (NPCSC) meeting from August 17 to 20, 2021.
- personal information of children under the age of 14 is confidential, and processors should develop special rules for the processing of such information;
- the rules for cross-border provision of personal information should provide that for personal information provided abroad under international treaties and agreements that China has signed or participated in, the protection of such data transferred abroad must comply with national rules;
- the right to data portability clauses was added;
- requirements for improved complaint and reporting mechanisms to protect personal information and referral of suspected criminal cases related to illegal handling of personal data have become more apparent.
Currently, some aspects of personal data protection are regulated in the following acts:
- The Decision to strengthen the protection of network information, adopted by the Standing Committee of the National People's Congress on December 28, 2012;
- A new edition of the Law on Consumer Rights Protection, which came into force on March 15, 2014;
- The Criminal Law as amended by its Ninth Amendment and entered into force on November 1, 2015;
- General provisions of the Civil Law of the People's Republic of China promulgated on March 15, 2017, and entered into force on October 1, 2017;
- Law on Cybersecurity promulgated on November 7, 2016, and entered into force on June 1, 2017;
- Industry regulations governing telecommunications, banking, insurance, real estate brokerage, postal and courier services, healthcare, and other sectors of the economy.
In February, 2021, Antimonopoly Committee of the State Council of China issued the Antitrust Guidelines for Platform Economy in order to protect fair competition and consumer rights.
Alexander Koty. Personal Data Regulation in China: Personal Information Protection Law, Other Rules Amended / China Briefing. May 13, 2021. URL: https://www.china-briefing.com/news/personal-data-...
China refines data handling rules in updated personal information protection law draft / PaRR. August 13, 2021. URL: https://app.parr-global.com/intelligence/view/inte...
China passes major data protection law as regulatory scrutiny on tech sector intensifies / CNBC. August 20, 2021. URL: https://www.cnbc.com/amp/2021/08/20/china-passes-k...
Report for public consultations "Ecosystems: Approaches to Regulation" / Bank of Russia, April 2, 2021. URL: http://cbr.ru/Content/Document/File/119960/Consult... (in Russian)
The Antitrust Guidelines for Platform Economy Guo Fan Long Fa  1. URL: http://www.gov.cn/xinwen/2021-02/07/content_558575... (in Chinese).