A draft Personal Information Protection Law and the censure of app operators for a lax approach to consumer data privacy signal that China’s government is intent on bringing an end to what one observer described as a “wild era” for the country’s internet.
The South China Morning Post, citing Chinese media, reported on Friday that an official review of popular apps had found, one year on from previous warnings and fines, that there are still issues around personal data protection.
According to the report, Lu Chuncong, deputy director of the Information and Communications Administration, part of the Ministry of Industry and Information Technology (MIIT), met major app operators – including those owned by the country’s tech giants – and accused them of ignoring government directions on this subjection.
No details were forthcoming but the meeting came soon after public comments closed on a draft version of the Personal Information Protection Law, which requires firms to obtain the consent of individuals before using their personal information and proposes fines of up to 50 million yuan (US$7.6 million) or 5% of annual revenue on companies responsible for data breaches.
That mirrors the approach taken in other parts of the world. Europe’s GDPR, for example, gives individuals more power over how their data is collected and used by companies and can impose fines of up €20m or 4% of global turnover on companies guilty of serious data breaches.
Businesses affected by GDPR have been urged to move beyond mere compliance and use the new regulations as an opportunity to address some of the key issues with digital marketing and build consumer trust.
Wang Zhicheng, associate professor of finance at the Guanghua School of Management at Peking University, is skeptical about the effects of the PIPL, however, observing that the benefits the tech giant gain from mining personal data far outweigh any penalties imposed.
“Most of the time individuals have no access to internet service without a data collection agreement [up front],” he added. “It is easy for companies to … add such a deceptive action to comply with the law but it does not achieve the aim of the law [which is] to protect the personal data.”
Sourced from South China Morning Post; additional content by WARC staff