Editor’s Note: Every Wednesday, WPR contributor Lavender Au and Newsletter and Engagement Editor Benjamin Wilhelm curate the week’s top news and expert analysis on China. Subscribers can adjust their newsletter settings to receive China Note by email every week.
Last week, China’s National People’s Congress released the first draft of the Personal Information Protection Law, which would set up the first dedicated system to protect privacy and personal data in China. Having been in the works for well over a decade, it has been a wait. Personal information in China has been governed by a patchwork of regulations; some scholars say there are over 200 different rules related to protecting personal information.
Digital privacy has been a subject of much debate within China, particularly as consumers regularly fall foul of scams abetted by the widespread collection and sale of user data. It’s common for apps on smartphones to collect way too much data or bundle access with sweeping data permissions. State media, therefore, already bills the law as an impending victory in protecting the rights of Chinese citizens. To be sure, a great deal of the law is dedicated to reining in the private collection of data, and instituting tougher punishments for violations of the law, which Chinese consumers will welcome. It requires handlers of data to obtain consent and gives consumers the right to rescind that consent, in language reminiscent of the European Union’s General Data Protection Regulation. Carefully read by Chinese experts, the GDPR certainly provided a model.