BEIJING: China is tightening control over data gathered by companies about the public under a law approved Friday by its ceremonial legislature, expanding the ruling Communist Party’s crackdown on internet industries.
The data protection law follows anti-monopoly and other enforcement actions against companies including e-commerce giant Alibaba and games and social media operator Tencent that caused their share prices to plunge.
The law, which takes effect Nov. 1, follows complaints companies misused or sold customer data without their knowledge or permission, allowing it to be used for fraud or unfair practices such as charging higher prices to some users.
The law curbs what information companies can gather and sets standards for how it must be stored. The full text of the law wasn’t immediately released, but earlier versions also would require customer permission before data can be sold to another company.
The data protection law is similar to Europe’s General Data Protection Regulation (GDPR), which limits collection and handling of customer data. But unlike laws in Western countries, the Chinese legislation says nothing about limiting ruling party or government access to personal information.
The ruling party has been accused of using data gathered about Uyghurs and other members of predominantly Muslim ethnic groups in the northwestern region of Xinjiang to carry out a widespread campaign of repression.
“The Chinese authorities, much the same as governments globally, are concerned at the volume of data big tech has in respect of the population and the power they can provide,” said Paul Haswell, partner at law firm Pinsent Masons, who called it the new law China’s version of the GDPR.
He said that most organizations, however, should already be prepared for the law as cyberspace authorities had already passed previous laws that indicate stricter oversight of Chinese data.