On 29 June 2021, the “Data Regulation of the Shenzhen Special Economic Zone” (the "Regulation", 深圳经济特区数据条例) was adopted by the Standing Committee of Shenzhen Municipal People's Congress and will come into force on 1 Jan. 2022. The Regulation clarifies the issues on personal data protection, and builds up a system of fair competition on data usage in domestic legislation for the first time.
The Regulation takes the lead in stipulating “data rights and interests” in the provisions, clarifying that natural persons are entitled to personality rights and interests over personal data, including the rights and interests such as informed consent, supplementation and correction, deletion, access, and reproduction, etc. Natural persons, legal persons, and unincorporated organizations are entitled to the property rights and interests provided by laws, administrative regulations, and the Regulation with respect to data products and services generated through lawful data processing, and to use them independently, obtain profits and dispose of them in accordance with the law.
The Regulation establishes the basic principles for processing personal data. The first one is the “minimum necessary” principle, i.e. the processing of personal data shall be minimized to what is necessary in relation to the purposes for which they are processed, and the processing shall be conducted in a way that has the least adverse impact on personal rights and interests. The second principle is that data processors shall not refuse to provide relevant core functions or services to natural persons on the grounds that such natural persons do not agree on processing his/her personal data, unless such personal data are necessary for the provision of relevant core functions or services. The third principle is that personal data shall be processed under the principle of “informed consent”, and data processors shall obtain the consent of natural persons before processing his/her personal data and process the personal data within the scope of their consent.
The Regulation strictly restricts the processing of biometric data to avoid abuse of them. Except that such biometric data is necessary and irreplaceable for the purpose of processing personal data, alternative methods for processing other non-biometric data shall be provided in the meantime.
Cover Photo by loong xu (https://unsplash.com/@loongrat) on Unsplash
Contributors: CJO Staff Contributors Team
