Better data protection will boost digital economy

On Nov 1, the Personal Information Protection Law was officially implemented. Combined with the Data Security Law that came into effect on Sept 1, the legal framework in the field of data security is being established and improved.

The Personal Information Protection Law has attracted much attention since its formulation, because some of its provisions will have a significant impact on enterprises. For example, it stipulates that relevant data platform enterprises should establish a compliance system, clarify a series of legal obligations such as protecting personal information and regularly publishing social responsibility reports on personal information protection.

These regulations will increase the costs of compliance for enterprises and they will have to speed up the establishment of their internal supervision systems. It is difficult to define important internet platform services, to which this law should apply as there is a huge number of users and their business types are complex. But the law will undoubtedly apply to all large internet platform enterprises.

Will higher costs be bad for enterprises? In this case no. In the final analysis, the Personal Information Protection Law will protect the rights and interests of individuals, which will help the enterprises enjoy their trust. The enterprise compliance cost caused by the compliance with the law has always existed. However, due to the lack of supervision and user’s lack of awareness of the value of their personal information, companies have been able to get away without having internal compliance systems, thus saving themselves this expense. From this perspective, the law only forces enterprises to spend the money they should spend through mandatory provisions. Therefore, as a new market rule, the personal information protection law does not directly affect the current market pattern, but only standardizes the market order.

The law is good for the market as the protection of personal information is actually the protection of data property rights. The law stipulates that enterprises should follow the principle of minimization when collecting data necessary for the use of software. This provision protects the right of enterprises to collect data in professional fields and prevents consumers’ date from being harvested and exploited.

The law does not deprive enterprises of the right to data. But data is playing an increasingly important role as a new factor of production, and there are more and more requirements for data security. The law standardizes the market order and optimizes the allocation of data as a new production factor in the era of the digital economy. In this way, the law will actually promote the digital economy.

－PAN HELIN, EXECUTIVE DEAN AND PROFESSOR AT THE DIGITAL ECONOMY RESEARCH INSTITUTE OF THE CENTRAL SOUTH UNIVERSITY OF ECONOMICS AND LAW