China just passed a data protection law called the Personal Information Protection Law (PIPL), which will take effect on November 1.
This law, which was proposed last year, allows Chinese authorities to take action against the collection of data in the commercial sphere, which would put legal restrictions on obtaining information from users.
The law requires the creators of the applications to offer options on the use or not of their information, such as the possibility of not being the object of commercialization or that it is based on personal characteristics.
According to state media Xinhua, data processors are also asked to obtain people’s consent to be able to process sensitive types of data, such as biometrics, medical and health data, in addition to financial and location information.
In this way, applications that process user information illegally risk having their service suspended or canceled.
Thus, all Western companies doing business in China and involving the processing of users’ personal data must deal with the extraterritorial jurisdiction of the law.
This means that foreign companies will face regulatory requirements, such as the need to assign local representatives and report to supervisory bodies in China.
An article in Reuters indicates that the National People’s Congress has celebrated the approval of this law, in addition to asking that entities that use algorithms for “personalized decision-making” obtain the consent of the people first.