MediaPost reports there are proposed revisions to China's Personal Information Security Specification that would prohibit data collection for contractual purposes. The proposal requires prior consent for such collection to take place, and the changes reportedly make China's policy more stringent than the EU General Data Protection Regulation. "[U.S. or EU] companies doing business in China will not be able to rely on having entered into contracts with Chinese citizens to process their data," Harris Bricken's Griffen Thorne, CIPP/E, CIPP/US, wrote in a post for China Law Blog. "They will now need to painstakingly explain all of the ways in which they will use the data and get consent for using it, unless one of the other few very narrow exceptions applies."
If you want to comment on this post, you need to login.