In China, too , attention is being paid to the protection of personal data thanks to a new law recently passed by the Parliament . A great revolution for the country and its citizens, with the explicit aim of regulating the collection and use of data. As for the European GDPR, which has been taken as a reference point, it will apply to both local and foreign companies, with which it will be very restrictive.
The situation in China on the eve of the new law
So far in China, the protection of citizens' privacy has been entrusted to some articles of the Constitution of the People's Republic of China . In particular, 38 and 40 sanction the protection of the dignity of citizens and the freedom and confidentiality of communications. Therefore, although linked to the concepts of privacy, they do not explicitly represent this right.
When we talk about privacy we cannot fail to refer to Stefano Rodotà , in many respects the father of this discipline. Over many years, this concept has been enriched on the basis of the evolution of society starting from the "right to be left alone" up to the last definition of the Italian jurist who defined it as the "right not to know". That is the ability to keep your personal information under control and protect your private sphere.
In this sense, the Chinese Civil Code provides for a right to privacy and the protection of personal data, especially for everything related to processing. In addition, the IT security law of 2017 also finds space while there was still no real regulation governing the management of personal data.
The new law for the protection of personal data in China
The “Law on the protection of personal information” or PIPL was approved a few days ago by the Standing Committee of the 13th National People's Assembly , the highest Chinese legislative body. As anticipated above, the law was required to reduce and regulate the collection of citizens' personal data. Furthermore, it serves to fill a regulatory gap in this matter together with the Data Security Law (which is expected to be finalized by 2023).
Inspired by the European GDPR, it consists of 70 articles that deal, among others, with the principles of "transparency, fairness, purpose limitation, data minimization, retention, data accuracy and accountability". The new law (PIPL) will come into force on 1st November next so there will still be a transitional period to adapt to the rules just introduced.
The principles of the new PIPL
Central is the point relating to the search for informed consent by the users of the services. As for the GDPR, the user is obliged to express his consent to use the company's services. Consent must be clear and freely expressed so as to allow maximum transparency and choice for citizens.
The National People's Assembly stated that “personalization is the result of a user's choice and true personalized recommendations must guarantee the user's freedom to choose, without constraints. Therefore, users must be granted the right not to use personalized recommendation functions ”.
In addition to consent, an important role is given by the processing of data which must be limited to a minimum and controlled with a series of fulfilments. In fact, the companies will have to limit the collection only to achieve the objectives of the treatment and therefore only within these activities. Furthermore, periodic checks on compliance and compliance with the rules imposed by the legislation must be guaranteed.
We will closely monitor the adoption of the law and the evolution of Chinese rules on data protection and protection for the protection of citizens.
The article In China comes a new law for the protection of personal data comes from Tech CuE | Close-up Engineering .