China passed a sweeping privacy law aimed at preventing businesses from collecting sensitive personal data, as the country faces an uptick in internet scams, leaks and concerns about tech giants abusing clients’ personal information.  Under the new rules passed by China’s top legislative body, state-run and private companies handling personal information will be required to reduce data collection and obtain user consent.

The new rules are also expected to further rattle China’s tech sector, with companies like ride hailing giant Didi and gaming behemoth Tencent in regulators’ crosshairs in recent months over misuse of personal data.

The law aims to protect those who “feel strongly about personal data being used for user profiling and by recommendation algorithms or the use of big data in setting [unfair] prices,” a spokesman for the National People’s Congress told state news agency Xinhua earlier this week. It will prevent companies from setting different prices for the same service based on clients’ shopping history, a common practice among Chinese online businesses.   The law appears to be  modelled after one of the world’s strictest online privacy protection laws – the European Union’s General Data Protection Regulation.

The law also stipulates that the personal data of Chinese nationals cannot be transferred to countries with lower standards of data security than China – rules which may present problems for foreign businesses.  Companies that fail to comply can face fines of up to 50 million yuan ($7.6 million) or five percent of a company’s annual turnover.  Serious violators run the risk of losing their business licenses and being forced to shut down.

This story was picked up from The Gulf news