News Brief

China Passes New Data Privacy Law, Setting Boundaries For Tech Companies

  • State-run and private companies in China who have been managing personal information will now be compelled to restrict data collection and acquire user agreements under the Personal Information Protection Law, passed by China's top legislative body.

Bhaswati Guha Majumder Aug 20, 2021, 06:01 PM | Updated Aug 21, 2021, 11:53 AM IST
China passes law aimed at restricting companies from acquiring sensitive personal data.

China passes law aimed at restricting companies from acquiring sensitive personal data.


China has passed a privacy law on 20 August aimed at restricting companies from acquiring sensitive personal data, as Beijing grapples with an increase in internet scams, data leaks and concerns about tech giants exploiting clients' data.

State-run and private companies in China, who have been managing personal information, will now be compelled to restrict data collecting and acquire user agreements under new rules. The Personal Information Protection Law was passed by China's top legislative body, reported the China Central Television on 20 August.

Even though enough details on this new legislation were not immediately available, reports stated that the Chinese state security agency would continue to have access to large amounts of personal data.

The new restrictions are also anticipated to shake China's internet sector, which has seen companies like ride-hailing giant Didi and Tencent, which is a Chinese technology conglomerate holding company, in the eyes of regulators in recent months for allegedly misusing personal data.

The legislation is modelled after the European Union's General Data Protection Regulation, which is one of the world's harshest online privacy protection laws. Kendra Schaefer, a partner at Beijing-based consulting firm Trivium China said: "China's new privacy regime is one of the toughest in the world. China is not really looking at the short term with this law."

Additionally, Schaefer stated that it aims to lay the groundwork for the digital economy over the next 40 or 50 years.


The law is nothing but a step ahead in China's campaign to limit big tech's power. Failure to comply can result in fines of up to 50 million yuan ($7.6 million) or 5 per cent of the company's annual turnover. Serious offenders risk losing their business licences and being forced to shut down operations.

To maintain the Chinese Communist Party's hold on society, President Xi Jinping has begun the crackdown episodes on the country's most influential tech stars. Consumer concerns about the steady loss of their privacy are being addressed by the government as tech corporations make rapid breakthroughs in the use of techniques such as facial recognition and big data.

In June, the Chinese legislatures passed a law giving the government the authority to shut down or fine tech companies that obstruct the ambitions to control enormous swaths of data they generate. The steps come as some American politicians call for the breakup of internet behemoths like Facebook and Alphabet, while European regulators place a premium on antitrust enforcement and providing consumers more data control.

As reported by Bloomberg, the legislation, which comes into force on 1 September, will also aid the Chinese government in its efforts to become the world's second-largest economy, a big data leader. Beijing has been pouring money into data centres and other digital infrastructure to help the CCP's legitimacy by making electronic information a national economic driver.

The newly passed law threatens to further encircle China's tech giants, who are already subjected to a tangle of regulations covering everything from how they form deals and price services to how they manage the massive amounts of data collected regularly. Zang Tiewei, a spokesman for a commission under the legislature who appeared at a news conference in Beijing last week, said that drafts of the latest personal data law would tighten restrictions on the user profiles that companies can keep and the recommendations that apps can make. He also noted that any choices made automatically in the applications must be "fair and just".

Additionally, the regulation also states that the personal data of Chinese citizens cannot be transmitted to nations with lesser data security requirements than China, which might cause complications for foreign enterprises. In this case, Schaefer said: "The thing we're all on tenterhooks over is the issue of data transfer. It poses a very interesting geopolitical conundrum, which is that the U.S. does not have a national privacy law."

Join our WhatsApp channel - no spam, only sharp analysis