China Targets Data Collectors With New GDPR-Aligned National Standards
May 29, 2020 | BY
Vincent ChowUnbundled consent, biometric data and personalized displays all feature in China's latest data protection specification
Chinese regulators have finalized new national standards for the collection and storage of personal information. The new comprehensive document provides granular detail of how businesses should obtain customer consent, design personalized displays, and store biometric information, as well as provides internal governance best practices.
Lawyers recommend businesses comply fully with the standards outlined in the updated Information Security Technology - Personal Information Security Specification (信息安全技术个人信息安全规范) despite its non-binding legal status. That is because various regulators including the Cyberspace Administration of China (CAC) as well as third-party assessment bodies are using it as a yardstick for measuring compliance with general personal information protection rules and regulations.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now