China is reportedly mulling over plans to require large internet firms to establish independent agency for personal information protection, which an industry observer said reflects that the country is accelerating protection of users’ privacy in laws, whereas large internet companies themselves should strengthen self-governance to improve personal information management from the root.
The draft law of personal information protection submitted to the Standing Committee of the National People’s Congress for a second deliberation on Monday mulls to regulate that personal information handlers that provide basic internet platform services, with large user base and complex businesses, should establish an independent agency that is comprised of external members to supervise the management of personal information, the Xinhua News Agency reported.
In addition, these companies are required to regularly release a social responsibility report on personal information protection, the report said.
According to Xinhua, the draft law also regulates that internet platforms are prohibited from dealing with personal information through “coercion,” and should provide convenient methods for users to withdraw their consent and set up rules for customized push, among other requirements.
The long-awaited personal information protection law comes as mass user data is being mastered by super internet platforms via services ranging from e-commerce to finance management, which brings potential risks to user data safety.
The Supreme People’s Procuratorate on Thursday released a batch of typical public lawsuits against personal information infringement, most of which are related to mobile apps.
One of the cases is that a music education app developed by an internet company in East China’s Zhejiang Province was found to illegally collect, store and use personal information. After mediation, the company agrees to conduct all-round rectification to its app, delete all users’ personal information it collected and stored illegally and make commitment of no more personal data infringement.
“The cost of internet companies in infringing personal information is too low to contain the rampant activity,” a veteran industry observer who preferred to be unnamed told the Global Times on Monday, noting that complex businesses and numerous subsidiaries also make it hard to precisely identify responsibility.
It’s of equal importance for internet giants – which have grown up by relying on numerous data – to clarify the redlines of user data and user privacy, and increase investment in personal information management in a bid to regain users’ confidence on them, he said.
A Beijing subway station tests a facial recognition system on July 25. Photo: IC