China rolls out data privacy law for children
In the last twelve months children’s data privacy law has expanded from what was just the US (COPPA) to covering all of Europe (under GDPR-K). But it’s not stopping there. Against many expectations, China has also introduced protection for children online.
Recently China published the Personal Information Security Specification which, together with the country’s new 2016 Cyber Security Law, establishes specific digital data privacy protections for children under the age of 14.
Under the new rules, the definition of personal information has been expanded to include IP addresses, website tracking records, and unique device identifiers. This aligns China with the GDPR-K in the EU and with COPPA in the US.
But Chinese authorities have taken it one step further, creating the concept of Sensitive Personal Information, which includes geo-location as well as any information about a child (defined as anyone under 14). As under both COPPA and GDPR-K, companies who seek to collect any Personal Information or Sensitive Personal Information from children must obtain prior consent from the parents.
This is a voluntary framework, BUT it is expected to set the best-practice standard that will be applied by Chinese regulators enforcing the Cyber Security Law.
China’s new rules align the world’s most populous country with the most stringent data protection laws for children, and clearly make do-not-track a global standard when it comes to kids online.