Chinese lawmakers have asked the government to set up appropriate mechanisms to handle personal data collected during the Covid-19 outbreak.
Why it matters: Strict epidemic prevention measures taken in China have given authorities at all levels more legitimacy to gather people’s sensitive data, including their ID numbers, travel history, and contact information. The data is also provided to non-official entities such as shopping malls, train stations, and property management companies by individuals in exchange for access.
- China doesn’t have a dedicated law on personal data protection, but the country is stepping up efforts to strengthen regulations amid increasing data breaches.
- The National People’s Congress (NPC) had previously said it is drafting a so-called Personal Data Protection Law, but the rubber-stamp legislature didn’t say whether it would file the law for review during the yearly gathering of the “two sessions” starting from Thursday.
Details: Lian Yuming, a member of the CPPCC (Chinese People’s Political Consultative Conference), filed a proposal to the political advisory body, calling for the upcoming Personal Data Protection Law to consider listing citizens’ sensitive information as “special category data” and protecting them as part of citizens’ right to privacy, according to Caixin.
- The draft personal data protection law should learn from the European Union’s General Data Protection Regulation (GDPR) and classify personal data by “regular data” and “special category data,” said Lian in the proposal.
- “Special category data” should include people’s names, dates of birth, national ID numbers, home addresses, phone numbers, and email addresses, according to the proposal.
- Lian also suggests the authorities draft rules to provide guidance for local government agencies, enterprises, and hospitals to properly deal with data they have collected during the pandemic after the public health crisis is over.
- Che Jie, a representative of the NPC, told Caixin he had filed a motion to the legislature to suggest stronger protection of personal data collected during the pandemic.
- Except for clear-cut consent, local governments should delete data collected for the health code system after the pandemic, said Che.
Context: Chinese officials have a poor record of handling personal data they have collected. In February, residents of Wuhan, the capital city of Hubei province and the center of the outbreak, found their information including their phone and ID numbers, home addresses circulating online. They had previously filed their personal information to local officials tasked with monitoring the movements of people coming from areas hit by the virus.