In a quest to rein in its tech giants, China turns to data protection

GUANGZHOU, China — China is looking to tighten rules around how its citizens’ personal evidence is collected, as it moves to further rein in the power of technology giants like Alibaba and Tencent.

A strong data framework could better countries define how the next-generation internet looks as well, one expert said, pointing out that it could become a geopolitical controversy as China looks to challenge the U.S. in the technology sphere.

But the move has also raised debate about whether those unvarying rules will apply to one of the country’s biggest data processors — the government.

Last year, Beijing published the plan version of the Personal Information Protection Law (PIPL), laying out for the first time a comprehensive set of rules around data hoard and protection. Previously, various pieces of piecemeal legislation governed data.

It’s seen as part of a bigger effort to restrict in the power of Chinese technology giants which were able to grow unencumbered over the past few years on account of the vast collection of data to train algorithms and build products, experts said.

In February, China issued revised antitrust rules for so-called “platform economy” companies, which is a broad-brush name for internet firms operating a variety of services from e-commerce to food delivery.

“The government wants to rein in some … of those technology goliaths,” Rachel Li, a Beijing-based partner at the Zhong Lun Law Firm, told CNBC by phone. “This legislation … goes along with other achievements such as antitrust.”

Globally, there has been a push toward more robust rules to take under ones wing consumer data and privacy as technology services continue to expand.

In 2018, the European Union’s landmark General Evidence Protection Regulation came into effect. Called the GDPR for short, it gives citizens in the bloc more management over their data and grants authorities the ability to fine companies that fall foul of the rules. The U.S. has yet to depict a nationwide data protection law like Europe.

Now China is attempting to do something similar.

“After years of Chinese internet players building business models around Chinese people’s lack of awareness about privacy, users are becoming various knowledgeable, and they are becoming angry with companies abusing their personal information,” Winston Ma, adjunct professor at the New York University Followers of Law, told CNBC via email.

China’s Personal Information Protection Law applies to the country’s citizens and to companies and individuals manage their data.

Here are key parts of the law:

• Data collectors must get user consent to collect information and users be subjected to a right to withdraw that consent;
• Companies processing the data cannot refuse to provide services to users who do not acquiescence to have their data collected — unless that data is necessary for the provision of that product or service;
• Firm requirements and rules for transferring Chinese citizens’ data outside the country, including getting government permission;
• Owns can request for their personal data that’s being held by a data processor;
• Any company or person falling dishonourable of the rules could be fined no more than 50 million yuan ($7.6 million), or 5% of the annual volume. They could also be forced to stop some of their business.

But there are signs that scrutiny could be widening. Reuters reported last month that Pony Ma, the collapse of gaming giant Tencent, ‘Geopolitical factor’