China on Tuesday sent its draft personal data protection law to its legislature for deliberation, a press release from the National People’s Congress (NPC), the country’s parliament, said. Summarising the bill, the release warns countries and regions with “corresponding measures” if they take “unreasonable measures” against China in the name of data protection. The release has also cautioned international organisations of consequences if they harm Chinese citizens’ privacy. The bill is not yet publicly available. We have reached out to the Chinese embassy in Delhi for more information and a copy of the bill. This bill, if enacted, will regulate how the personal data of more than 900 million internet users in China is processed and stored. As per the release, China has more than 4 million websites and more than 3 million apps. It covers personal data which is related to identified or identifiable natural persons and has been recorded electronically or otherwise. It does not cover anonymised data. It makes informed consent mandatory for data processing, imposes obligations on data processors, and mandates certification for cross-border data flows among other things. Violators of the proposed law will be ordered to “rectify” their behaviour, receive a formal warning, and have any illegal income confiscated, Caixin, an Chinese publication, reported. The eight-chapter bill with about 70 articles, as per Caixin, has proposed fines of up to ¥50 million (~₹54.5 crore) or the equivalent of up to 5% of their revenue from the previous year for companies that repeatedly flout the…
