China adopts new personal data legislation, which enters into force on 1 November | MCUTimes

China adopts new personal data legislation, which enters into force on 1 November

SHANGHAI, August 20 (Reuters) – China’s National People’s Congress on Friday officially passed a law designed to protect the privacy of online user data and will implement the policy from November 1, according to state media Xinhua.

The passage of the law completes another pillar in the country’s efforts to regulate cyberspace and is expected to add more compliance requirements to businesses in the country.

China has instructed its technology giants to ensure better secure storage of user data, amid public complaints about mismanagement and abuse that have resulted in violations of users’ privacy.

The law states that the handling of personal data must have a clear and reasonable purpose and must be limited to the “minimum scope necessary to achieve the objectives of handling” data.

It also lays down conditions for which companies can collect personal data, including obtaining a person’s consent, as well as laying down guidelines to ensure data protection when data is transferred outside the country.

The law also calls for personal data processors to appoint a person responsible for the protection of personal data, and encourages handlers to conduct periodic audits to ensure compliance with the law.

The second draft of the Personal Data Protection Act was published in late April.

The Privacy Act, together with the Data Security Act, marks two major rules that will regulate China’s Internet in the future.

The Data Security Act, to be implemented on September 1, sets a framework for companies to classify data based on its economic value and relevance to China’s national security.

Meanwhile, the law on the protection of personal data is reminiscent of Europe’s GDPR by setting the framework for the security of users’ privacy.

Both laws will require companies in China to examine their data storage and processing practices to ensure compliance with experts.

The laws come amid a broader regulatory tightening of industry by Chinese regulators, which has rattled large and small businesses.

In July, China’s Cyberspace Administration of China (CAC), its top cyberspace regulator, announced it would launch a probe after Chinese ride-hauling giant Didi Global Inc. (DIDI.N) for allegedly violating the privacy of users.

On Tuesday, China’s State Administration for Market Regulation (SAMR) adopted a comprehensive set of rules aimed at improving fair competition and banning practices such as fake online reviews.

In January, the government-backed China Consumers Association issued a statement criticizing tech companies for “bullying” consumers into making purchases and promotions. Read more .

Since then, regulators have routinely reprimanded companies and apps for violating users’ privacy.

On Wednesday, China’s Ministry of Industry and Information Technology accused 43 apps of illegally transferring user data and urged them to make corrections by August 24. Read more.

Reporting by Josh Horwitz; Editing Michael Perry

Our standards: Thomson Reuters trust principles.

Disclaimers for

All the information on this website - - is published in good faith and for general information purpose only. does not make any warranties about the completeness, reliability, and accuracy of this information. Any action you take upon the information you find on this website (, is strictly at your own risk. will not be liable for any losses and/or damages in connection with the use of our website.

Leave a Comment