China's State Council is mulling over a regulation that ensures designated institutions delete personal information they collect in response to public health emergencies 60 days after the emergencies are solved, or within a certain time limit set by the relevant departments of the State Council, according to a draft regulation.
The draft named "network data processing safety regulation" is dedicated to protecting the personal data collected amid tight epidemic control measures. It already completed its soliciting for public opinions in October, China Central Television CCTV reported on Monday.
Epidemic prevention and control measures in many Chinese cities require residents to register their personal information including ID number, cell phone number and even collect facial information.
However, wide concerns over data privacy amid the combat against the coronavirus have been raised after personal data leaks were reported in several Chinese cities this year.
A 20-year-old woman, surnamed Zhao from Chengdu in Southwest China's Sichuan Province, who was confirmed as a COVID-19 case on December 8 after her grandparents were confirmed on the previous day, became a targeted for online abuse last week
Some netizens accused her as the sole person to blame for the Chengdu outbreak after epidemiological investigations showed she had made frequent visits to social venues, bars and clubs across the city. Others took their abuse too far, cursing and ridiculing her online.
She also received many phone calls and text messages after her personal information was leaked, she said in a statement later on social media.
Chengdu police started an investigation and seized a man surnamed Wang, who was then given administrative punishment for posting a photo containing Zhao's personal information and record of movements, Chengdu police announced on December 9.
China has been stressing data protection amid the COVID-19 epidemic. In February, when the country was battling with COVID-19, the Cyberspace Administration of China issued a notice stating that, except for epidemic control work and desensitized information, no unit or individual may disclose personal information, such as name, age, ID number, and telephone numbers, without the consent of the person in question.