On May 28, National Information Security Standardization Technical Committee, which is jointly created by the Cyberspace Administration of China and the Standardization Administration of China, drafted the "Data Security Management Measures", a document that is designed to specify an order of personal data collection, processing and use. The new regulations will arguably become a hindrance for major tech companies that track users' behavior for commercial purposes countrywide.
The draft consists of 40 articles and is separated into 4 parts. It obliges network operators to employ measures such as data categorization, backups, and encryption, to strengthen the protection of personal information. In regard to the customized feed, companies shall give customers an option: whether to receive the information (including news, ads and other) based on the data related to their online activity. If a certain customer refuses, the company must stop all the promoting motions toward the device belonging to this user. Moreover, all the data related to this device collected at the date should be deleted.
Indeed, the proposed regulations might destroy the ads-fueled revenue schemes and heavily affect the whole adtech industry. Some companies made some prep and have already started diversifying revenue streams. For example, ByteDance initiated its global expansion to gain more from operating under (so far) less regulated legal environment. The company is also going to spread over other industry verticals mainly by undertaking cross-industry acquisitions.
In Europe, the law of similar nature (so-called "General Data Protection Regulation") was adopted seven years ago. Since then, local citizens have been complaining about the Real-Time Bidding (RTB) system used by Google and other huge adtech companies. Personal data leakages revealed the fact of data collection and processing conducted by the IT giants. A peculiar kind of "abuse of power" is what people are afraid of, as their consuming behavior can be manipulated by visual marketing tools. "Data protection is a legal requirement that must be translated into practices and technical specifications", said Gemma Galdon Cavell, CEO of Eticas.
With 828.51 million (the number increased almost threefold in the past 10 years) Internet users, China is among the most attractive markets to employ lucrative data-based business models. Regulatory issues are pivotal as the newly imposed rules shape market landscape by determining basic requirements for companies. Digital era makes commercial interests and privacy collide, and legislators should be able to resolve this problem.