China’s New Law Fortifies Personal Privacy and State Authority

Security Lock
Credit: Gerd Altmann / Pixabay

The Chinese government has said that the development of big data brings convenience to life, but also “breeds chaos”. It has said that some platforms over-collect personal information while some businesses install image acquisition equipment without permission from customers, allowing them to secretly record their faces.

China’s “Personal Information Protection Law” (PIPL), which came into force on 1st November 2021, stipulates how data can be collected and used in the country, while also governing the actions of companies hoping to move data out of China.

The law is fairly broad in its interpretation of personal information, which refers to any recorded information that relates to identified or identifiable natural persons, excluding anonymised information, whether recorded electronically or in other forms. The processing of personal information refers to its collection, retention, use, handling, transmission, and erasure.

Under the new law, individuals now have the right to access and obtain a copy of their personal information from the processors, who have to respond in a timely manner. For tech giants, who process the personal information of millions of users, the new law asks them to establish an independent body made up of outsiders to supervise how the data is handled. They are also asked to create their own rules on personal information protection following the principles like “openness, fairness, and justice” and publish social responsibility reports regularly on personal information protection.

For companies or processors of personal information who need to transfer data out of China, they are required to gain consent from individuals affected and processors should inform them of the names of the receiving parties, their contact information, processing purposes, means of processing, categories of personal information involved, and the ways and procedures individuals can enforce their rights under PIPL. The law also strengthens data protection for minors, detailing that the personal information of anyone under 14 should be classed as sensitive, requiring processors to formulate special processing protocols for this age group.

The Wall Street Journal has recently reported, in September 2021, that China’s Securities Regulatory Commission is considering a ban on overseas initial public offerings (IPOs) for Chinese tech firms that possess large quantities of consumer data.

The present law is the latest measure in the year-long crackdown on tech companies in China – most prominent crackdowns being Alibaba Group and DiDi. China’s regulators, in September, have intensified their crackdown on cryptocurrencies with a blanket ban on all crypto transactions and mining. In recent times, China’s regulators are also signaling that some of the country’s most popular stock-trading apps are illegal.

These sweeping state interventions in the tech, finance and other online business eco-systems, have consequences not only for Chinese companies but also for the global financial system and world economy.

China’s new found zeal and an iron hand to protect personal data, challenges the Western notions of regulation of tech companies. “It looks likely that China wants to have a central role in international standard setting in the privacy space,” said Paul McKenzie, partner of international law firm Morrison & Foerster.

The whole philosophy underpinning these state crackdowns is very different to market-oriented ethos of the West. The underlying market principle of the West is “efficiency” — investors’ money flows to whichever companies are judged the best. In contrast, for state run-capitalist economies such as China, capital markets are designed to enable state control and facilitate state objectives. Capitalist prosperity should be a common prosperity, so that people at large can have materialistic comforts in an authoritarian regime, without a murmur.

China’s decisions may have less to do with a company’s financial risks or system vulnerabilities, but more to do with the political ties or state objectives. If Jack Ma had met the then US-President Elect Donald Trump and held discussions in early 2017 (without the consent of the Chinese authorities), his business moves may not be compatible with the political moves of the state. He has grown too big for the State’s shoes and should be cut to size. Other interventions, such as restricting gaming, are more about managing the society.

With the center of the global economy shifting from the West to East, in the clash between state and market philosophies, many other Asian countries are gravitating towards a model of national development dictated by an authoritarian rule.

The views and opinions expressed in this article are those of the author.