China's new comprehensive cybersecurity law came into effect on June 1, 2017.
Under Article 43 of the law, individuals can request that 'network operators' delete their personal information when it has been obtained illegally, or direct that erroneous information be corrected. Article 76 defines personal information as, "all kinds of information, recorded electronically or through other means, that taken alone or together with other information, is sufficient to identify a natural person's identity, including, but not limited to, natural persons' full names, birth dates, identification numbers, personal biometric information, addresses, telephone numbers".
Article 37 imposes data localization requirements, directing that personal information and other important data generated in the People's Republic of China be stored within mainland China.
Article 27 prohibits "illegal entry of others' networks, disruption of the normal function of others' networks, theft of network data or other activities endangering network security", and under the law violators can be fined up to RMB 1,000,000.
The law also mandates protection of information information infrastructures important to national security, the economy, or the public interest.