Shenzhen passes first local law to protect personal data



Photo from: Peopledata

Shenzhen in Guangdong province has approved China's first local law on data management, as the nation continues stepping up efforts to protect personal information.

Details of the Shenzhen Special Economic Zone Data Regulations were published by the municipal people's congress on Tuesday. The legislation was passed on June 29 and will take effect on Jan 1.

"The regulations clearly define personal data processing activities and effectively strengthen personal data protection," said Liu Jiachen, head of the city's government services and data management bureau.

The bureau was one of the key departments involved in the drafting of the law, which began in November 2018. A range of domestic and foreign laws, including the European Union's General Data Protection Regulation, the United Kingdom's Data Protection Act 1998 and the United States' California Consumer Privacy Act were studied during formulation of the Shenzhen legislation.

Nationwide, China has been making cybersecurity a greater priority. The country's Data Security Law was passed last month and will take effect in September.

The Shenzhen regulations focus on comprehensive data management as digital development of the city progresses.

People will have to be informed of and give their consent for processing of personal data, and will also be allowed to withdraw their consent at a later date.

The regulations stipulate that operators of apps will not be able to refuse core functions or services to people who do not accept personal data usage agreements.

In addition, users will have the right to refuse customized recommendations based on analyses of their profiles. The legislation also forbids the use of big data analysis to impose discriminatory pricing on users, with violators facing fines of up to 50 million yuan ($7.74 million).

Biometric technologies, such as face recognition, fingerprint verification, voice unlock and iris recognition, are widely used in public security, financial and payment services as well as medical care. To curb the risk of misuse or the leaking of biometric data, the regulations stipulate that people can choose to only approve its use when there are no other alternatives to process personal data.

Shenzhen is at the forefront of data use in commerce, finance, logistics and communications, with more than 300 big data companies in the southern city.

The legislation also emphasized that data generated and processed by organizations that provide public services, including education, health, public transportation, water and power, be available to the public as much as possible without any fees.

"Shenzhen is at the vanguard in building a smart city, the key to which is sharing data," said Guo Renzhong, an academic at the Chinese Academy of Engineering and head of Shenzhen University's Research Institute for Smart Cities.

"In the past, public data could not be legally shared and that caused a lot of digital waste. The rules in Shenzhen will promote the rapid development of the digital economy and the scientific construction of a smart city."

The move comes on the heels of cybersecurity investigations this week of several internet firms-including Didi Chuxing, a popular ride-hailing company-by the country's top internet regulator.

Mainland cybersecurity authorities announced on Sunday they had ordered the Didi's app removed from app stores amid a probe into the company's alleged illegal collection and use of personal information. (China Daily)