When covid-19 cases began to increase in China last year, we saw that the country’s already authoritarian surveillance systems were being torn down. Officials rushed in all of drones that detect the face and forced motion tracking applications a literally collecting citizen blood in order to stop the flow of the virus. Entering 2021, the country had clearly reached a breaking point; China saw his first lawsuit for facial recognition this year, and the first bill this would partially prohibit this technology from being used in a major city, Hangzhou.
And on Friday, state media reported the country had taken its biggest step: passing a national privacy law that will go into effect on November 1st.
And we mean sweep. The Personal Data Protection Act (PIPL) takes a page from the important European privacy legislation – the General Data Protection Regulation (GDPR) – which many political issues consider to be the “gold standard“When it comes to protecting the privacy of citizens. Unlike the RGPD, however, it includes an important caveat: it is written largely to protect people from private companies who accumulate their data, while at the same time offering it to state authorities. free access do just that.
Yes, it is a gap that reduces the biggest problem that everyone usually has State of surveillance of China: That state authorities use their panopticon for constant monitoring innocent people or whole ethnic groups. But there is a bright spot. Just like we are seeing officials in the US, Are usually trusted by Chinese government officials private companies to collect this data for them: applications, smart devices and even televisions. The PIPL aims to repress the companies behind it data sucking monsters, which means that hopefully citizens can use the law to cut off access to their data before it ends up in federal hands.
Like most privacy laws, the full PIPL is with words and dense. But, in a nutshell, it requires those who operate applications, sites, or any other technology that does data collection, to obtain the consent of its users in order to collect that data, as we have seen. with the RGPD. In cases where the application or device handles “sensitive” data, such as a person’s fingerprint or financial data, you must request consent. again before collecting these specific details, even ask operators to obtain “written consent” from users if required by law.
G / O Media may receive a commission
In addition, the law also requires users to have different options on how their data can be treated. Users need to be able, for example, to tell an app that they can track their data, but not use it to target them with ads. And when they give that consent, the app should provide these users with an easy way to withdraw it at any time. If you’ve seen the way Apple deployed application tracking options inside iOS 14, what the law requires sounds pretty similar. Only in this case, Apple will not remove your application if you are caught ignoring these requirements: it is the government of China.
The PIPL also has fairly strict guidelines for foreign companies doing business in the region, and includes data collection giants like Facebook that offer services to Chinese customers through obscure subsidiaries. The PIPL states that any of these teams must not only comply with the new law, but must “pass a security assessment organized by the state department of cybersecurity and information” before obtaining a pass to operate in the country.
When companies are caught violating privacy laws in the United States, companies like Facebook receive the same kind of punishment they would receive if they were caught violating these rules in the EU: thousands (sometimes millions) of dollars worth of many. As probably expected, the consequences for Chinese companies are much more serious.
Depending on the violation, companies can receive a fine of up to 50 million yuan (approximately US $ 7,690.00) or obtain all of their “illegal revenue” obtained by customers without consent from the Chinese authorities. If they are caught selling or freely disclosing personal information about those people, they could end up with a 7-year prison sentence.
Does it sound a little harsh? May be. But after seeing these companies they make billions of dollars misleading customers about your data or directly lie down when they are trapped, it is good to see them with a new reason to be afraid.