China tech policy: Shenzhen’s new data law another signal of intent to rein in Big Tech

Shenzhen is moving forward with a new draft law aimed at protecting personal data, in another signal of China’s ambition to rein in Big Tech and build a robust data management regime that balances privacy protection with appropriate business use.

Under discussion for a year as authorities grapple with key issues such as data ownership and rights, the Shenzhen Special Economic Zone Data Regulation will be the first local data law in China. The latest draft, published by the Shenzhen legislature this week for public feedback until June 15, imposes new restrictions on how Big Tech can gather and utilise user data with enhanced punishment for violations.

The draft proposes a hefty penalty of up to 50 million yuan (US$7.7 million) for companies that engage in algorithmic price discrimination, where a platform offers different prices to different users based on how much it thinks they are willing to pay. This has become a common practice among China’s travel booking platforms, which has angered both consumers and the authorities.

“The hefty fine is similar to those under the national Personal Information Protection Law (PIPL), but it is the first time that the local legislature has attempted to impose similar fines under local laws,” said James Gong, who is of counsel to law firm Herbert Smith Freehills.

The regulation also makes it clear that an individual has the right to say no to data collection requests and has the right to know, copy, correct and delete his or her personal information online, in a clear sign that the authorities have a preference for consumer protection over corporate profitability.