China’s legislature has officially passed the Personal Information Protection Law (PIPL), placing legal restrictions on how personal data can be collected, used and managed after it comes into effect on November 1. The law, one of the world’s toughest on personal data security, is set to make it significantly harder and more expensive for tech firms in China to access and use consumer information, with a far-reaching impact that is being compared with the implementation of the General Data Protection Regulation in the European Union. According to Xinhua, the law aims to protect privacy by offering individuals the legal right to say “no” to excessive data collection by business entities and even certain government agencies. The full text of the final version has not been released, but Xinhua reported that it would empower users to turn off targeted advertising. The law also states that companies need to obtain individual consent to obtain sensitive personal information such as biometrics, medical health, financial accounts, and location. For platforms that illegally collect personal information, regulators can suspend or terminate the provision of their services. China set to pass new law to protect ‘legitimate rights’ on personal data The newly passed legislation, along with the Data Security Law which goes into effect next month, is expected to put an end to the Wild West era for China’s Big Tech companies, in which they have largely had a free hand in how they collect and use consumer data. China is establishing a data governance framework that seeks to ensure the security of what it deems as important data, putting limits on how businesses collect and use sensitive personal data, while encouraging the circulation of less sensitive data to unleash its economic value. The PIPL, along with the Data Security Law and local data regulations, are aimed at helping Beijing achieve these goals. The Ministry of Industry and Information Technology said on Wednesday that 43 smartphone applications, including popular apps such as Tencent Holdings’ WeChat, its corporate version WeCom, Tencent Video and Tencent Maps, were found to have inappropriately transferred user contact data and location information, or used pop-up ads when users opened the app. A report by Xinhua on Thursday highlighted some of the behind-the-scenes discussions among members of the National People’s Congress (NPC), which passed the new legislation, on how to regulate data collection. NPC member Zhang Shaoqin suggested that “even if the user authorises the app to access the data operations in the phone, the app should not be allowed to read, copy, modify, disseminate, or delete any personal information in his or her social media apps in violation of regulations”, according to Xinhua.