China introduces new draft rules for data privacy protection

1 min read

Government efforts to crack down on misuse of private data is intensifying in China. The national cyberspace administration on Tuesday introduced a new data protection law, further tightening regulations amid increasing global concern about data privacy.

The new data security regulation states that any customized content using recommendation algorithms driven by personal data, including newsfeeds and advertising, should be explicitly labeled. Internet services are also required to delete all collected data if users choose to turn off recommendations and ads.

Other regulations include requiring approval from parents or legal guardians if personal information from minors under 14 is collected; prohibiting the routing of domestic internet traffic outside the country; and requiring permission for sharing “important data” to foreign entities. The draft regulation, which has not yet been officially released, is open for public comment until the end of June.

The regulation is the latest in a series of government moves to implement rules with unified standards applicable to domestic internet companies. The cyberspace administration launched a year-long crackdown plan in January to combat non-compliant and illegal data collection and processing, such as requiring authorization for use and unauthorized access to private data.

By mid-April, 31% of around 1,300 apps were reported by Chinese netizens for collecting data without specific consent, while another 20% allegedly gathered information irrelevant to their businesses, according to the administration.

Analysts expect the new rules will primarily target Android app makers since Apple has already provided iOS users with the option to turn off ads. In the meantime, Chinese authorities are working on other legislation specifically to enable law enforcement for crimes involving personal information, reported Yicai citing Zhang Yesui, a central government official, during the Two Session meeting in March.

China introduced its Cybersecurity Law in June 2017, the first of its kind serving as a “Basic Law” at the macro level. However, data leakage from various Chinese online service platforms over the past years have prompted public concern, increasing calls to set comprehensive standards for data protection in line with Europe’s General Data Protection Regulation (GDPR), launched in May 2018.

Zhang promised the specific personal data law would be released “as soon as possible,” while recognizing that current legal protections, including laws, regulations, and guidelines, lack comprehensive protections specific to data privacy.