China has passed a new privacy law aimed at protecting users’ personal data. The new law comes as Chinese tech firms have come under renewed scrutiny in the country, and sets rules around how companies handle users’ information. The law takes effect on November 1st.

The law formally called the Personal Information Protection Law was passed by China’s legislature on Friday, and calls for companies to get users’ consent before collecting personal data, and has rules for how companies should ensure users’ data is protected when it’s transferred outside of China.

Tech companies that handle personal information must have a designated person tasked with overseeing its protection, and companies must conduct regular audits to be sure they’re complying with the law.

Companies handling personal user data have to have clear and reasonable purpose for doing so, and must limit it to the “minimum scope necessary to achieve the goals” of handling said data.

Personalization is the result of a user’s choice, and true personalized recommendations must ensure the user’s freedom to choose, without compulsion, Therefore, users must be given the right to not make use of personalized recommendation functions.