SHANGHAI, Aug. 20 (Reuters) – China’s National People’s Congress officially approved a law on Friday designed to protect online user data privacy and will implement the policy from Nov. 1, according to state media outlet Xinhua.
The passage of the law completes another pillar in the country’s efforts to regulate cyberspace and is expected to add more compliance requirements for companies in the country.
China has instructed its technology giants to ensure more secure storage of user data, amid public complaints about mismanagement and misuse that have led to violations of user privacy.
The law states that the processing of personal information must have a clear and reasonable purpose and must be limited to the “minimum necessary to achieve the purposes of processing” the data.
It also sets out the conditions under which companies may collect personal data, including obtaining the consent of an individual, as well as establishing guidelines to ensure data protection when data is transferred outside the country.
The law also requires that personal information managers designate a person in charge of the protection of personal information and that managers conduct periodic audits to ensure compliance with the law.
The second draft of the Personal Information Protection Act was made public in late April.
The Personal Information Protection Act and the Data Security Act mark two major regulations that will govern China’s Internet in the future.
The data security law, which will take effect on September 1, sets a framework for companies to classify data based on its economic value and its relevance to China’s national security.
The Personal Information Protection Act, for its part, resembles Europe’s GDPR in establishing a framework to ensure the privacy of users.
Both laws will force Chinese companies to examine their data storage and processing practices to ensure they comply, according to experts.
The laws come amid broader regulatory enforcement of the industry by Chinese regulators, which have led to large and small businesses.
In July, the Cyberspace Administration of China (CAC), the country’s main cyberspace regulator, announced that it would launch an investigation into Chinese giant Didi Global Inc (DIDI.N) for allegedly violating user privacy.
On Tuesday, the Chinese State Administration for Market Regulation (MRSA) approved a comprehensive set of rules aimed at improving fair competition, banning practices such as fake online reviews.
In January, the government-backed China Consumers Association issued a statement criticizing technology companies for “intimidating” consumers when it comes to shopping and promotions.
Since then, regulators have routinely reprimanded companies and apps for violating user privacy.
On Wednesday, China’s Ministry of Industry and Information Technology accused 43 applications of illegally transferring user data and asked them to rectify the problem before August 24.
Reporting by Josh Horwitz; Editing by Michael Perry