On Monday of this week, draft rules on the protection of personal data were submitted to the National People's Congress (NPC) Standing Committee, China's top legislature, for a second reading. The People's Republic is preparing to reinforce regulation of today's internet giants, which are particularly hungry for large quantities of data. The initiative may also provide Beijing with an opportunity to tighten its grip on internet-related industries.
Has the concern over data privacy prevalent elsewhere in the world finally arrived in China? According to the state press agency Xinhua, the Standing Committee of the National People's Congress is currently deliberating on regulations to enhance the protection of data privacy. A major societal issue in China, the question of how personal information is stored and processed is of particular concern to the country's citizens. On the national social network Weibo, there are plenty of messages that optimistically welcome the new rules. At the same time there are a number of posts that worry over the dissemination of data collected by face recognition and mass surveillance applications.
The initiative has come almost exactly five years to the day since the European Union introduced the GDPR (General Data Protection Regulation of April 27, 2016), which is now deemed to provide the strictest regulation of its kind in the world, and it is worth wondering how similar the Chinese legislation will be. The country's new rules will apply both to China's citizens and to companies that process their information. They specifically target tech industry giants that benefit from huge numbers of users and process massive quantities of personal data. These companies will be instructed to establish an independent body largely composed of external experts to supervise the manner in which personal data is obtained and processed and regularly publish responsibility reports. The proposed legislation is also demanding an end to the coerced collection of personal data; internet platforms will now have to provide users with practical methods of refusing to grant their consent.
A tighter grip on internet giants
The new legislation has a certain amount in common with the European Union text, which had three stated objectives: to reinforce individuals' rights, ensure compliance of data processing and enhance the credibility of regulation. It is also viewed as one aspect of Beijing's wider drive to gain tighter control of the internet industry in the country. Recently the Chinese government has taken a number of actions against technology giants. Last November, the Chinese stock market debut of Ant Group was suspended in the wake of the arrest of its founder Jack Ma. Earlier this month, Alibaba was fined 2.8 billion dollars for abusing its dominant position in online sales. On Monday, food-delivery giant Meituan was accused by the government of forcing businesses to use its services. An investigation has now been launched.
On a global level, data privacy and the protection of personal data are being viewed as increasingly important. In 2018, the European Union launched its law to protect online privacy. At the time, many critics of the new legislation claimed that the GDPR would stifle progress in artificial intelligence and other new technologies. Particularly in the United States, certain experts were concerned that restricting access to data would prove to be an obstacle to innovation. China, which is the uncontested leader on both of these markets, has now chosen to adopt an approach that is similar to the one already established in Europe, while tightening its grip on such homegrown internet superpowers as Tencent, Baidu and Alibaba.