It is certainly necessary to impose restraints on internet businesses, big or small, to ensure that data is not abused.
It has already been portrayed as an additional step the Chinese government has taken toward tightening its grip on the country's robust internet sector and tech giants after the Data Security Law.
That the Personal Information Protection Law was finally approval by the national legislature on Friday and will take effect on November 1 is long-awaited good news to everyone using internet services in the country. It is of milestone significance to personal data privacy protection in China.
One will not feel the imperativeness of the law without having personally experienced the pervasiveness of personal data abuse in this country. There have even been reports about criminal cases of online fraud, which have led to the deaths of some victims in the past few years.
But more worrying is the fact that internet service providers, from businesses of various sizes to the huge platform enterprises, are exploiting every technological advance to tap our commercial potential.
If years ago the hassle was largely limited to one's personal data, from addresses and contact information, being sold by some service providers and resulting in endless solicitations to part with one's money, we are now seeing the service providers themselves trying to use the data they collect to manipulate our consumption using the personal profiles they build based on our online footprints.
In a world ruled by big data, data mining and algorithms, we as consumers with access to and connected to the internet have nowhere to hide in the virtual space. They have in their possession so much of our personal data that from time to time we come to the stunning realization that they probably know us better than we do ourselves.
And worst of all, while ordinary consumers stand naked in the face of this algorithmic voyeurism, we are poorly equipped for self-protection.
In a time when more and more services are getting online, the internet service providers have taken advantage of their largely more or less monopoly positions to force users into accepting services on their terms, while there are hardly any meaningful limits on how they exploit the user's data they acquire.
The Personal Information Protection Law marks an inspiring step toward changing that because it sets rules on the collection, use, storage and sharing of personal data, and seems to cover all aspects of the problems exposed to date. More important, the rules were made surrounding the core principle of informed consent, which, once strictly implemented, may stem many of the fraudulences concerning personal data privacy.
E-commerce and various other online services have far outpaced corresponding rule making in our country. The latest law will contribute to bridging the gap.