China began soliciting public comment on Wednesday for draft legislation to place tight limits on the transfer of personal data outside the country and let Beijing retaliate against any "discriminatory" prohibitions by the U.S.
If passed, the Personal Information Protection Law will become China's first unified piece of national legislation on the safeguarding of personal data.
Any company seeking to take users' personal data outside China will undergo screening by cybersecurity authorities, according to the draft. Businesses involved in "critical information infrastructure," such as telecommunications or finance, and those that handle large quantities of personal information will have to store such data on servers within China and undergo risk assessments before sending it abroad.
The new bill classifies biometric characteristics, including facial information, as sensitive data that requires consent to collect
The aim is to strengthen protections for China's more than 900 million internet users as concerns mount over data misuse. It follows efforts by Washington to ban video-sharing platform TikTok and chat app WeChat to "protect national security and the private data" of American users.
Opinions from experts and others will be solicited until mid-November. The law will likely take effect in 2021.
The law would apply to all companies and organizations operating in China, as well as any overseas businesses that handle the data of Chinese nationals here.
Violators face penalties including fines of up to 50 million yuan ($7.51 million) or 5% of annual revenue. Authorities may also revoke licenses or permits, or order the operations in question to be shut down.