China passes major data protection law as regulatory scrutiny on tech sector intensifies

China passed a major data protection law on Friday setting out tougher rules on how companies collect and handle their users’ information. The rules add to Beijing’s tightening of regulation, particularly around data, which could impact the way China’s technology giants operate. The Personal Information Protection Law (PIPL) lays out for the first time a comprehensive set of rules around data collection, processing and protection, that were previously governed by piecemeal legislation.

After several drafts, the PIPL was passed by China’s legislature on Friday, according to state media. However, the final version of the law has not yet been published. A previous draft of the law said that data collectors must get user consent to collect data and users can withdraw that consent at any time. Companies that process data cannot refuse to provide services to users who don’t agree to having their data collected — unless that data is necessary for the provision of that product or service. There are also strict requirements for transferring Chinese citizens’ data outside the country.

China passes major data protection law as regulatory scrutiny on tech sector intensifies, CNBC, Aug 20