Home>>

China’s law on personal information protection enters into force

By Yu Sinan (People's Daily) 09:54, November 02, 2021

China’s law on personal information protection took effect on Monday. The new law specifies and completes the guiding principles for the protection of personal data and rules that must be followed when processing personal information, defines rights and obligations in personal information processing activities, and improves working systems and mechanisms for personal information protection.

Photo taken on Sept. 27, 2021 shows visitors watching a sand table of 5G-empowered smart city at PT Expo China 2021, an influential information and communications technology (ICT) annual event in Asia, held in Beijing. (People’s Daily Online/Chen Xiaogen)

The law states that the handling of personal information should be guided by and directly related to clear and reasonable purposes, and be carried out in ways that affect the rights and interests of relevant individuals the least, said experts.

It also stipulates that the collection of personal data should be limited to the minimum extent possible to achieve such purposes, according to experts.

To address problems that have been complained about the most, such as bundling various policies into one agreement and forcing users into consent, the law requires personal information processors to obtain individual consent in links including processing sensitive personal information, providing personal information for third parties, disclosing personal information, and cross-border transfer of personal data.

The law clearly stipulates that personal information processors shall not excessively collect personal information or refuse to provide products or services for users simply because they do not agree to share their personal information.

Citizens pay via self-service terminal with facial recognition system at a supermarket in Taizhou city, east China’s Zhejiang province, Aug. 11, 2021. (People’s Daily Online/Jiang Youqing)

Meanwhile, individuals should be allowed to withdraw their consent to the handling of their personal information, and after the withdrawal, personal information processors shall immediately stop processing or delete their personal information, according to the law.

In an effort to put an end to big data-enabled price discrimination against existing customers, the law states that personal information processors shall ensure the transparency of their automated decision-making based on personal information and the fairness of the decisions and shall not unfairly treat individuals in terms of transaction price and other trade conditions.

Sensitive personal information, which includes biometrics, medical and health, financial accounts and whereabouts, can only be processed with specific purposes, absolute necessity, and strict protective measures, according to the law.

Photo taken on Sept. 27, 2021 shows two girls passing by a poster of PT Expo China 2021, an influential information and communications technology (ICT) annual event in Asia, held in Beijing. (People’s Daily Online/Chen Xiaogen)

Sensitive personal information processors shall assess the influence of their activities and inform individuals about the necessity and impacts of such activities on their rights and interests beforehand, says the law.

The number of China’s Internet users reached 989 million by the end of 2020. The huge netizen population serves as the cornerstone of the country’s digital economy, for which data is an important driving force.

Protecting personal data isn’t contrary to developing digital economy, said experts, who noted that the key to a win-win situation for both is to keep a balance between the utilization and security of information on the basis of protecting individual rights and interests and promoting reasonable flow of information.

The law designed to tighten personal data protection has arrived amid rising concerns and complaints about excessive collection of personal data by some service providers.

More often than not, people find they are asked to provide information about their geographical locations when they only want to install a flashlight app on their mobile phones; when they download a text editor app, the app provider asks for access to their address books; and their facial information is probably captured without their consent as they enter the sales office of a real estate company.

After investigating hundreds of thousands of apps, a research team of Renmin University of China found that many of the more than 30 permissions requested by apps do not match with the requirements of apps for realizing their functions.

Commercial exploitation of some information is the primary purpose of apps’ excessively requesting permissions from users. For instance, pushing personalized advertisements and other information to users represents the potential commercial value of personal information.

App operators can even make a judgment about users’ jobs and the places they often go to after acquiring certain permissions, according to an app developer.

Analyzing users’ characteristics based on data can help improve their consumption experience and at the same time lead to infringement acts in consumption activities, such as price discrimination against existing customers.

High hopes are usually placed on the self-discipline of personal data collectors for protecting people’s personal information. However, information leakage can happen easily due to the lack of solid “protecting wall”. What’s worse, some information collectors even trade in data, which could result in illegal use of personal information. Against the backdrop, the execution of the law on personal information protection becomes all the more significant.

(Web editor: Hongyu, Liang Jun)

Photos

Related Stories