According to the government, China has passed a new data law that should better protect users’ personal data.
The law prescribes, among other things, how tech companies must handle that data. The law will come into effect on November 1 and contains a number of provisions that are reminiscent of the GDPR.
Among other things, companies must obtain user consent before they can collect personal data, as well as be prescribed how to protect that data when it is transported outside China’s borders. Tech companies that manage people’s data must also employ a dedicated data protection officer and conduct regular audits.
In addition, data may only be collected when there is a clear purpose for this, and companies must collect the minimum amount of data necessary to make their apps and the like work. The law also contains some extras, such as the addition that control over the data goes to his family in the event of the user’s death. They can then, for example, withdraw permission to use data.
In recent months, the Chinese government has stepped up its control over major tech companies in the country. This year, the government’s Cybercrime division started investigations into taxi app DiDi, TikTok and Baidu, among others, for breaking existing data rules.