The Shenzhen government issued the most detailed data regulation on data in China yet. The regulation laid the groundwork for future national and regional data legislation, experts said.
Passed on June 29 by top legislators in Shenzhen, the regulation bans several common data practices seen as invasive or unfair, and will push the government to make public data available for free. The regulation also addresses ownership of data, an important gap in Chinese law.
“It affects every possible interested party about data, from data user, to data processor, to market operator, government, court, and so on,” said Devin Song, a partner at Fieldfisher law firm in Beijing.
Since the 1980s, the Shenzhen special economic zone has served as a testbed for national policies—starting with allowing private enterprise. “Shenzhen is being used as a trial are for experimental regulation, which makes sense because Shenzhen is a hotbed of innovation and is China’s silicon valley,” said Kendra Schaefer, head of tech policy research at strategic advisory Trivium China.
Why it matters: China is writing a rulebook for data that will shape the tech industry and could be a model for governments worldwide. Shenzhen’s regulation is likely to set a pattern for other regions and national rules, experts said.
China is passing a series of laws on data and privacy, including the Data Security Law passed in June and a forthcoming Personal Information Protection Law. Shenzhen’s regulation offers specific details about how these laws will be implemented for the first time.
Details: The Standing Committee of the Shenzhen Municipal People’s Congress published the Data Regulation of Shenzhen Special Economic Zone on Tuesday. They will be effective in the city from Jan. 1, 2022.
Limit data collection: The rules ban apps from requiring users to sign data agreements to access “core services,” and from requiring face recognition or other biometric data. Devin Song pointed out the regulation also prohibits apps from profiling users under the age of 14 in order to serve them targeted ads.
Most apps will need to rewrite privacy policies, and many will need to be redesigned to offer less invasive options, said Calvin Peng, a senior partner at Jincheng Tongda & Neal law firm.
Chinese apps frequently make broad demands for personal information, and in China’s ultra-connected cities, it can be hard to say no. Many restaurants require users to provide name and contact information before using WeChat mini-apps to order food. One TechNode reporter was recently asked for his “name, telephone number, and gender information” in order to use a tap to wash sand off his feet at a beach. (He consented.)
The age limit “challenges the business models of many popular applications, including short-video app Douyin,” wrote Carolyn Law, China analyst at Control Risks, in an analysis of the regulation. But “it’s unclear what the practical impact is on these companies as this is only a local-level regulation,” she added.
Opening ‘public data’: The regulation also addresses data collected by the state, requiring the government to make its data available to the public for free by default. The regulation defines a category of “public data,” and states that this data will be “shared by default, with non-sharing as an exception,” describing a system in which data from different government platforms is compiled in a single public database. The regulation also prohibits the government from charging fees to access data.
Schaefer told TechNode that data openness has been encouraged by national policy documents, but this may be the first example of a regulation spelling out requirements.
Data ownership: Another “massive deal,” Schaefer said, is the creation of a new category of “public data,” owned by the state. Since a decision last year to recognize data as a “new factor of production,” the Chinese government has sought to develop markets around it. But these have been hampered by confusion over what it means to own data.
In an interpretation attached to the regulation, the legal committee of Shenzhen’s legislature wrote that “It is difficult to clearly create a new type of ownership rights through local regulations,” but “There is a general consensus that data products and services enjoy property rights. The regulation took the lead in exploring the scope and types of data rights.”
The regulation defines this new category of public data as “data generated by public agencies when providing public services.”
READ MORE: The loophole in China’s privacy regime: anonymization
What’s next? Shenzhen’s approach to regulating data will likely shape the national environment, as other regional governments and Beijing write their own rules. Peng told TechNode that Shanghai will likely be next to publish a data regulation, and that Guizhou province and Anhui province could follow.