Chinese mobile phone user in Shanghai. China has passed the Personal Data Protection Act (PIPL), which for the first time sets out a comprehensive set of rules on data collection.
Qi Yang | Moment | Getty Images
GUANGZHOU, China – China on Friday passed a major data protection law that set tougher rules on how companies collect and manage information from their users.
The rules add to the tightening of Beijing’s regulation, especially around data, which could affect the way China’s tech giants operate.
The Personal Information Protection Act (PIPL) establishes for the first time a complete set of rules on data collection, processing and protection, which were previously governed by partial legislation.
After several drafts, the Chinese legislature approved the PIPL on Friday, according to state media. However, the final version of the law has not yet been published.
An earlier draft of the law said that data collectors must receive the user’s consent to collect data and that users can withdraw it at any time. Companies that process data may not refuse to provide services to users who do not agree to the collection of their data, unless they are necessary for the provision of this product or service.
There are also strict requirements for transferring data from Chinese citizens abroad.
Companies that fail to comply with the rules could be fined.
Beijing is stepping up technological scrutiny
The PIPL occurs when China’s regulatory scrutiny of the country’s technology companies intensifies. With the PIPL, along with the country’s cybersecurity law and data security law, China has tightened its data regulation.
“The launch of the PIPL completes the trifecta of China’s founding data governance regime and will open a new era of data compliance for technology companies,” said Kendra Schaefer, Beijing partner, consultant for Trivium China.