China’s Big Tech firms to create user information oversight bodies under upcoming data privacy law

‎China’s upcoming Personal Information Protection Law will have internet companies create independent bodies to oversee their compliance of data privacy regulations

The law’s latest draft is undergoing a second round of review, as Beijing increases scrutiny of how Big Tech companies handle user data

Reading Time:2 minutes

A revised draft of China’s Personal Information Protection Law was submitted for review on April 26, 2021. Photo: AP

Published: 8:30pm, 26 Apr 2021Updated: 8:56pm, 26 Apr 2021

China’s internet giants are each expected to create an independent oversight body for protecting users’ information under the upcoming data privacy law, according to a report by state-run Xinhua News Agency.

The much-anticipated Personal Information Protection Law (PIPL), the country’s first set of rules to safeguard personal data, is undergoing a second round of review, as Beijing tightens its scrutiny of how Big Tech companies gather and make use of private data. The initial version of PIPL was unveiled in October last year, and a revised draft was submitted on Monday for review.

The new draft requires internet platforms with a “large number of users” and “complex businesses” to establish “independent bodies” that oversee how they process personal data, according to the report.

It said each independent body, which will be primarily composed of people from outside the company, would be tasked with overseeing the firm’s regular publication of social responsibility reports involving personal data protection.

China’s upcoming data privacy law tightens scrutiny of how Big Tech companies gather and make use of private data. Photo: AP

It remains unclear how the upcoming law’s latest draft defines a “large number of users” and the manner in which “independent bodies” will oversee the way internet platforms handle user data. This draft will soon be introduced to the public, while the law’s final version is expected to be rolled out within the year after a third round of review.

Putting the onus on Big Tech companies to become the gatekeepers for user data protection is a concept that is legally unprecedented internationally, according to Raymond Wang, a partner at law firm Anli Partners.