The Chinese authorities have tightened the requirements for the protection of personal data. Since November, a new law will come into force in China, which will allow tracking only the necessary minimum of information. After the news of the adoption of the law, the shares of local technology companies began to fall in price.
The adoption of the law was reported by the Reuters portal with reference to the Chinese state news agency Xinhua.
Now Internet companies (as, most likely, application developers) should have a clear and reasonable purpose for collecting users’ personal data. They are also obliged to limit themselves to collecting “the minimum amount of information that is needed to achieve this goal.”
In addition, companies must appoint a special person who will be responsible for maintaining data confidentiality.
Separately, the law lists the conditions on the basis of which it is generally allowed to track personal data, but Reuters noted only one of them. According to the portal, from November companies will have to ask users if they agree to share information about themselves at all. However, a similar condition has been in effect in China since 2017.
The law also specifies how companies should protect data when transferring them abroad. Reuters did not share details.
It is unknown what measures will be applied to those who violate the law. But we note that in one of the versions of the bill, the authorities proposed to fine violators in the amount of up to 50 million ($7.7 million) or 5% of annual income.
According to the Financial Times, against the background of news about the law in China, the shares of a number of technology giants collapsed. The Hang Seng Tech index, which specializes in such companies, fell by 1.8% on the day of the adoption of the law. In particular, it tracks Alibaba and Tencent shares.
The Personal Data Protection Law is not the first such initiative of the Chinese authorities over the past year. For example, since May, rules have been in effect in China prohibiting developers from closing access to applications if a user refused to share redundant data. It’s about the information that apps collect for advertising purposes. But, as the TechCrunch portal notes, these rules look more like a recommendation, since the authorities did not name penalties for developers who violate them.