China’s new data privacy law ‘will state how facial recognition can be used’

Name: US blacklists 28 Chinese entities over Xinjiang
Uploaded: 2020-12-21T13:15:06.000Z
Duration: 1 min 22 s
Description: US blacklists 28 Chinese entities over Xinjiang

Personal Information Protection Law will allow use of sensitive information only for specific purposes and when ‘sufficiently necessary’, legislative body says

Draft text released for public consultation suggests sensitive information will include ethnicity, religion, facial biometrics and medical health

Reading Time:2 minutes

Why you can trust SCMP

Use of facial recognition technology is widespread in China, but there are signs of a growing demand for better privacy protection. Photo: AFP

Sarah Zheng

Published: 9:15pm, 21 Dec 2020Updated: 10:25pm, 21 Dec 2020

China’s new law on data privacy will include provisions to protect personal biometric information, amid growing concerns in the country over the prolific use of facial recognition technology.

Yue Zhongming, spokesman for the Legislative Affairs Commission of China’s legislature, said on Monday morning that the proposed Personal Information Protection Law (PIPL) will make clear that sensitive information such as facial biometrics must be “used for specific purposes and only when sufficiently necessary”, and that a risk assessment should be conducted in advance.

In the draft text of the law, released for public consultation in mid-October, Article 29 specifies that “sensitive personal information” includes information on race, ethnicity, religious beliefs, individual biometric features, medical health, financial accounts and individual location tracking.

“The use and development of facial recognition and other new technologies has created new challenges for the protection of personal information,” Yue said. “The Legislative Affairs Commission will listen further to a wide range of opinions on this issue, and conduct in-depth research and assessment.”

01:22

US blacklists 28 Chinese entities over Xinjiang

He said that the PIPL would clarify the rights of individuals regarding their personal information and the obligations of those processing it, including obtaining people’s consent and taking measures to safeguard it.

Legal experts have welcomed the draft text, drawing parallels with the European Union’s data legislation, the General Data Protection Regulation, which states that individuals own their own data and companies are only stewards of it.

Select Voice

Choose your listening speed

Get through articles 2x faster

1.25x

250 WPM

Slow

Average

Fast

00:0000:00

1.25x