China Passed Several Laws to Strengthen Data Protection

China Passed Several Laws to Strengthen Data Protection
By Anonymous | September 19, 2021

As one of the largest economies in the world, China produces and consumes a significant amount of data every day; however, a well-constructed infrastructure for data regulation has long been missing. In the past 3 months, China passed several data-related laws. On June 10, Data Security Law (DSL), which requires all companies in China to classify their data into several categories and governs the storage and transfer of data, was passed. Two months after, on August 20, Personal Information Protection Law was passed; the new regulation was set up for the storing, transferring, and processing of personal information, especially the unlawful acquisition and abuse of personal data.

A computer with a flag on the screen Description automatically generated with medium confidence

A Signal

The passing of these data laws not only sets the framework of data regulations in China but also signals that the Chinese government will take time and effort to reform the improper data practices. Representatives from Chinese internet companies, including Alibaba, Tencent and ByteDance, were summoned for a meeting on improving data security and were forced to perform a risk assessment on their own products. Didi, Chinese leading ride-hailing service platform, was forced to stop new user registrations during the investigation of its improper “cross-border transfer of sensitive data”.  These actions show how cybersecurity remains the focus of Beijing, especially preventing sensitive data from going abroad as well as preventing internet firms from abusing their users’ personal information.

After Beijing Takes ByteDance Board Seat, Tencent and Alibaba May Be Next — The Information

Next steps: transparent and standardized

In the next stage, when government establishes more restrictions on data and users pay more attention to their own privacy, how should Chinese companies react? Firstly, an increased level of transparency is required. In the past, Chinese government agencies do not regulate the data usage much so that a lot of companies’ data process and algorithms are kind of “black boxes”. Users, on the other hand, will realize their rights on their own data and want to know more about how their data are being used.

Moreover, these internet service providers need to set up standardized procedures in their data acquisition, processing, storage and transferring practices. On one hand, the government needs more standardized rules to protect sensitive data from being revealed. On the other hand, the users need more standardized rules to protect their own personal information from unauthorized misusage, which might jeopardize their privileges.


In this era of data, data protection is of the top priority for both government sector and personal sector. Data related regulations are relatively more founded in developed economies like the Europe and United States, while well-established data protection guidelines are lacking in other countries. The action of Chinese government not only shows its concern with data security but also signals that governments and people around the world, especially in developing countries, have realized the importance of data and the need to set up regulations to protect data and personal information. With this increasing focus on data protection, data practices all over the world will be more standardized and people’s data privileges will be respected more and more.