Data privacy in China: Zhejiang province proposes rule to ‘destroy’ personal data collected during emergencies
- Zhejiang province is reviewing new rules for handling public data, including that collected as a response to a public emergency
- Personal data was collected on a wide scale in China during the Covid-19 pandemic for contact tracing, leading to rampant leaks
China’s eastern province of Zhejiang, which is leading the country in applying big data technology to administration, has drafted rules stipulating that personal data collected during a public emergency should be either “sealed” or destroyed after use, a decision that would put certain checks on government agencies.
A draft version of the rules on how public institutions should collect, use and share data during emergencies states that they should provide support by sharing public data, and can demand businesses and individuals to provide relevant data, according to state-run news agency China News Service.
But once the emergency response is over, public institutions should assess and classify the collected data, and make sure data that involves state secrets, business secrets and personal privacy be either “sealed up” or destroyed, the news agency reported this week. The draft rules, the full text of which has not been made available yet, also state that relevant data applications should be shut down after the emergency response.
The draft Zhejiang rules represent the latest attempt by a local Chinese government to explore data governance, as Beijing builds a national legal framework for data with new laws including the Data Security Law, which was passed in June and goes into effect next month, and the Personal Information Protection Law, which is expected to be passed within the year. Local authorities are now experimenting with more detailed and more aggressive rules on how public institutions and businesses should handle personal data.