The law has been largely touted by Beijing as a milestone in data privacy regulations, but critics say authorities haven’t provided enough information about how the wide-reaching law will be implemented. That’s a big concern, as failure to comply carries fines that could hit 1 million yuan (about $150,000) and potential criminal charges.
What’s more, the law is expected to make it even harder to do business in China by increasing costs to foreign firms, exposing multinationals to cyber-espionage, and giving domestic companies an unfair edge. And it’s adding to the already tough environment: The World Bank currently ranks the world’s second-largest economy 78 out of about 190 countries in terms of ease of doing business, only a few notches above Qatar, Guatemala and Saudi Arabia.
The gist of the law seems simple enough. The law will ban the collection and sale of user’s personal information. Companies operating in China will also have to store their customer’s data on servers in the country (which has been delayed until the end of 2018 to figure out some kinks), and customers will have the right to have their data erased. At the same time, individuals will have to register with their real names on messaging apps and social networks.
According to the state-run Xinhua news agency, the new law — approved by the country’s “rubber-stamp” parliament — was introduced in response to the growing threat of cyber-terrorism and hacking, which would replace a large patchwork of different, loosely collected laws. Source