When cases of covid-19 began to surge in China last year, we saw the country’s already authoritarian surveillance systems kick in. The officials deployed all face detection drones and mandated motion tracking apps literally collect the blood of citizens in order to stem the flow of the virus. Enter 2021, the country had clearly reached a breaking point; China has seen its first facial recognition trial this year, and the first law Project which would partially ban the use of this technology in a large city, Hangzhou.
And Friday, the state media reported the country had taken its biggest milestone to date: passing a national privacy law that is expected to come into force on November 1.
And we mean sweep. The law on the protection of personal information (PIPL) is inspired by the historic European privacy law, the General Data Protection Regulation (GDPR), which many policy scholars consider to be the “”gold standard”When it comes to protecting the privacy of citizens. Unlike the GDPR, however, it comes with a major caveat: it is largely written to protect people from private companies that suck their data, while giving state authorities a free admission largely doing just that.
Yes, it’s a loophole that somehow narrows down the biggest problem a lot of us tend to have with China’s surveillance state: That the state authorities use their panopticon to continuously monitor Innocent people or whole ethnic groups. But there is a bright spot. Just as we see it with officers in the United States, Chinese government officials generally rely on private companies to collect this data for them: apps, smart devices and even TVs. The PIPL is intended to crack down on the companies at the origin of these data sucking monsters, which hopefully means citizens can use the law to cut off access to their data before it falls into the hands of the federal government.
Like most privacy laws, the full PIPL is verbose and dense. But in a nutshell, it requires those who operate any apps, sites, or any other technology performing data collection to obtain the consent of their users in order to collect that data, as we have seen. with GDPR. In cases where this application or device processes “sensitive” data such as fingerprints or a person’s financial details, it is necessary to seek consent. again before collecting this specific information, or even asking operators to obtain the “written consent” of users if required by law.
In addition to this, the law also requires users to have different options as to how their data is allowed to be processed. Users should be allowed, for example, to tell an app that it can track their data, but not to use that data to target them with ads. And when they give that consent, the app is obligated to give those users an easy way to withdraw it at any time. If you’ve seen Apple’s rollout application tracking choice in iOS 14, what the law demands seems quite similar. Only in this case, it will not be Apple who will remove your application if you are caught flouting these requirements, it is the Chinese government.
The PIPL also has pretty strict guidelines for foreign companies doing business in the region, and that includes data hoover giants like Facebook that offer services to Chinese customers through obscure branches. The PIPL states that one of these companies is not only required to comply with the new law, but that it must “pass a security assessment organized by the cybersecurity and information department of the State ”before obtaining a pass to operate in the country.
When companies get caught flouting privacy laws in the US, companies like Facebook face the same kind of punishment they would get if they broke those rules in the then EU. : thousands (sometimes millions) of dollars fines. As you might expect, the consequences for businesses in China are much more severe.
Depending on the offense, companies can be fined up to 50 million yuan (approximately $ 7,690.00), or have all of their “illegal income” from unwilling customers seized by them. Chinese authorities. If they are caught selling or freely disclosing the personal information of these people, they could end up with a 7-year prison sentence.
Does it sound a little harsh? May be. But after watching these companies make billions of dollars in deceive customers on their data or directly layer when they are caught it is good to see them with a new reason to be afraid.