The second draft PIPL was open for public comment until late May. A third and final draft is expected to be up for review before the law passes by the end of this year.
In the meantime, Beijing is continuing to clamp down on high-profile tech companies over their data practices. In mid-May, the China Cyberspace Administration—the state’s internet watchdog—called out tech giants Baidu, ByteDance, Kuaishou, and Microsoft for improperly collecting user data there.
Behind the government’s push for greater data privacy and security is not just its desire to be seen as a responsible global partner that adheres to international norms. It’s also eager to get ahead of the scrutiny ByteDance, Tencent, and other homegrown giants will likely face as they expand overseas. Having an official data privacy framework on the books should help China dictate the matter on its own terms.
In its latest five-year plan, the government declared in that consumption will play a growing role in driving economic growth. Policymakers view digital marketing and data as vital cogs in that wheel—and ones they want full control over. In the era of 5G and breakneck tech development, data has become a matter of national sovereignty and security.
China’s response to the iOS 14.5 privacy update is a case in point. Under Apple’s new framework, apps must ask each user for consent before they can track the user’s activities across apps and websites. Many expected this update to drastically reduce the viability of Apple’s Identifier for Advertisers (IDFA), which marketers had relied on to better target ads and measure the success of campaigns.
About a month before the framework’s rollout, reports emerged that China’s digital giants, including ByteDance and Tencent, were testing an alternative developed by the state-backed China Advertising Association (CAA). Dubbed the China Advertising ID (CAID), the identifier circumvents Apple’s tracking restrictions using device fingerprinting, which creates a unique user profile based on device and usage data. Though Apple has preemptively warned companies against using CAID, it has not taken any concrete action yet.
More recently, Apple announced earlier this month that its new Private Relay feature would not be available in China, due to regulatory reasons. The feature is designed to veil iOS users’ web browsing behavior from internet service providers and advertisers.
As the data privacy landscape there takes shape, Apple and other digital giants will likely struggle to adapt right out the gate, and more international tussles will ensue. Ultimately, however, the transparency and regulatory benefits that PIPL and other such laws will provide may be worth the pain.