China, the world’s biggest online community with an estimated 989 million users in 2020, will soon have one of the strictest data privacy laws following the passage of new regulations by the Standing Committee of the National People’s Congress (NPC), state media Xinhua and other news outlets reported on Friday (Aug. 20).
The law, which will take effect on Nov. 1, stipulates that any handling of people’s personal information should have a logical objective and will be restricted to the “minimum scope necessary to achieve the goals of handling” data, according to Reuters.
The new regulation set forth by China’s top legislative body is intended to further emphasize laws currently in place regarding how personal data is processed state-side and cross-border. At the end of last year, China had 989 million internet users and of those, 183 million were minors, state media indicated.
“Currently, the whole society pays close attention to new technologies, such as user profiling and recommendation algorithms, and problems including big data-enabled price discrimination have arisen,” said Zang Tiewei, spokesperson for the Legislative Affairs Commission of the National People’s Congress Standing Committee, per the report.
Although China emphasizes the importance of personal data privacy, the new regulation probably won’t touch on the state’s sweeping use of surveillance, policy analysts said, according to The Wall Street Journal.
Unlike the European General Data Protection Regulation (GDPR) rules, it is anticipated that Beijing will continue to have vast reach into people’s private information. The GDPR, which was put into effect three years ago, subjects organizations worldwide to its policy if they target or collect data in any way related to people in the European Union.
The GDPR also has built-in conditions mandating that anyone handling the personal information of Chinese citizens needs prior consent — and the data collection has to be minimal, according to The Wall Street Journal.
Beijing has been stepping up oversight of companies in the technology space; the new regulation is part of a wider policy to exert government control over how internet-based platforms operate.
China’s Data Security Law, passed in August, will take effect on Sept. 1, stemming from the 2017 Cybersecurity Law that began the process of regulating the flow of personal information. The law stipulates that tech firms such as Tencent, Alibaba and ByteDance will have to make their data available to government officials.