[Asia Economy Reporter Kiho Sung] China is rapidly advancing legislation on personal information protection law, prompting the need for attention and caution from Korean companies. After the draft was announced on October 21 last year, public opinions were collected for about a month, and follow-up work is currently underway.
On the 13th, KOTRA stated that although the passage and actual enforcement date of China’s Personal Information Protection Law have not been determined, experts expect the law to be implemented soon.
China’s Personal Information Protection Law was proposed to prevent frequent incidents of illegal acquisition, trading, and leakage of personal information for commercial gain, aiming to protect personal life safety and prevent property damage. This move is also interpreted as aligning with policy directions to establish data ownership, a core element of the digital economy, and to build a protection system.
Some view China’s rapid push for the Personal Information Protection Law as a follow-up to the ‘Global Data Security Initiative’ announced in September last year. The ‘Global Data Security Initiative’ is an international standard China is independently promoting in response to the US ‘5G Clean Path’ policy, which excludes Chinese IT companies. It includes measures to prevent personal information infringement and prohibits the collection of personal information of citizens from other countries.
The Personal Information Protection Law, consisting of 8 chapters and 70 articles, includes ▲rules on personal information processing and overseas provision ▲individual rights and processor obligations during personal information processing ▲related executing agencies and legal responsibilities.
This law is conceptually similar to the European Union (EU)’s General Data Protection Regulation (GDPR). For example, if goods or services are provided to individuals located within China, the law can be applied extraterritorially. Also, prior notice and consent for personal information processing are mandatory, and guardian consent is required for minors, which is similar. Some provisions are stricter than EU standards. The EU imposes fines of up to 4% of the previous year’s revenue for violations, which caused controversy during its early implementation. China sets the maximum fine at 5%.
Once the Personal Information Protection Law is enforced in China, ▲financial accounts ▲personal behavior ▲medical and health-related information will be classified as ‘sensitive information.’ Therefore, ▲financial companies ▲airlines ▲travel agencies ▲hospitals, etc., will need to respond at a high level. It is expected to have a significant impact on B2C (business-to-consumer) sectors such as e-commerce and information technology (IT) services.
In December last year, KOTRA held a seminar with the Embassy of the Republic of Korea in China and the Korea Internet & Security Agency to provide guidance on China’s personal information protection regulations and suggest response measures.
Park Han-jin, head of KOTRA’s China Regional Headquarters, said, “While personal information protection legislation is a global trend, China’s uniqueness must be considered,” and added, “KOTRA will strive harder to provide important regulatory information that our companies need.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![15-Year Veteran Field Mechanic Becomes AI Talent... Korean Air's Experiment [AI Era, Jobs Are Changing]](https://cwcontent.asiae.co.kr/asiaresize/319/2025121111232252273_1765419802.jpg)
