The new law, which according to Chinese state media comes into effect on November 1, 2021, follows months of the state tightening regulation on the rampant collection of user data that saw dozens of apps banned.
Dubbed the Personal Information Protection Law (PIPL), the new legislation details compliance requirements for companies operating outside the mainland to help ensure users’ data is protected when it’s ferried outside of China.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
PIPL is reported to list a comprehensive set of rules that govern the collection, processing, storage, and protection of data, as well as introducing the requirement for foreign companies operating in China to appoint a local representative to ensure compliance.
User is king
The PIPL, which reportedly draws many parallels with Europe’s General Data Protection Regulation (GDPR), calls on both state and private entities that handle personal information to reduce data collection and obtain user consent.
The law states that companies must state very clearly on how they intend to handle the user’s personal information, and ensure that they limit themselves to the “minimum scope necessary to achieve the goals of handling” data.
Once the law comes into play, it will, for instance, prevent companies from setting different prices for the same service based on the users’ history.
Reuters reports that the National People’s Congress (NPC) has lauded the new legislation in an op-ed piece published in the Chinese state media outlet People’s Court Daily.
“Personalization is the result of a user’s choice, and true personalized recommendations must ensure the user’s freedom to choose, without compulsion. Therefore, users must be given the right to not make use of personalized recommendation functions,” reasons NPC.