Data Privacy - China’s Personal Information Protection Law enters into force

Products Data Privacy
Types News

Contents

China’s Personal Information Protection Law (PIPL), which acts as an omnibus data privacy rulebook, comes into force on 1 November 2021. Data privacy in China was previously governed by a broad patchwork of different laws, but the PIPL now provides an overarching data privacy law to turn to in the first instance. Crucially, the PIPL also has extra-territorial effect, and so governs the processing of personal information of individuals located in China, regardless of whether or not the entities processing that information are in China.

Much of the PIPL has been based (at least at a high level) on the principles and provisions of the EU General Data Protection Regulation (GDPR). That being said, the PIPL is neither as prescriptive, nor anywhere near as detailed, as the GDPR. The PIPL instead provides a framework of largely high-level data privacy obligations, and is expected to be supplemented by guidance from the Chinese authorities. Exactly what implementing guidance will be published remains to be seen.

Key aspects of the PIPL include:

  • substantially increased fines of up to RMB 50 million (c.$7.5 million) or 5% of the previous year’s turnover, and other operational sanctions;
  • extra-territorial jurisdiction, as mentioned above, particularly relevant if providing products or services to (or analysing the behaviour of) individuals in China;
  • tougher data localisation and data export constraints with particularly onerous restrictions on overseas data transfers for the purposes of investigations or litigation;
  • broadened lawful processing grounds under which consent is no longer required;
  • strengthened individual rights to access, rectify and erase personal information (among others); and
  • data privacy compliance review and assessment obligations.

Given the comprehensive nature of the PIPL, compliance with the new regulatory framework may pose significant challenges for many organisations. This is further complicated by the fact that certain provisions under the PIPL remains contingent on the publication of further rules and guidance from Chinese authorities.

Rulefinder Data Privacy helps our users navigate the ever-changing situation in China and we also keep track of expected developments, proposals, consultations and draft laws and guidance in our Privacy Developments Tracker. To request the most recent copy of the tracker, please click below or email info@aosphere.com to receive the tracker and start your free trial.

 

This summary was published as part of aosphere's Rulefinder Data Privacy. Nothing in this summary is intended to provide legal or other professional advice: aosphere does not accept responsibility for loss which may arise from reliance on this summary.

 

What is Rulefinder Data Privacy?

Rulefinder Data Privacy is a user friendly database of global data privacy law and regulation sourced from leading privacy counsel across the globe and curated by aosphere’s team of senior data privacy professionals. Learn more here.
Contact Information
Duncan Mykura
Senior Associate at aosphere
duncan.mykura@allenovery.com
Related Materials
Publications
CS2104_CDD-63845_ADD-95227_LI_2

Privacy Developments Tracker: request a free copy

Our Rulefinder Data Privacy team have produced a tracker document that captures major developments related to data privacy laws. We plan to keep track of expected developments, proposals, consultations and draft laws and guidance for all countries covered by Rulefinder Data Privacy - so that Rulefinder subscribers can easily see what is coming up, and what they need to prepare for.


The information on these pages is sample data for general presentation purposes only and may not reflect the current law or practice. Nothing in the content of these pages is intended to provide legal or other professional advice and aosphere, Allen & Overy LLP and its affiliates do not accept any responsibility for any loss which may arise from reliance on the information contained on this website.
© aosphere 2022 | Privacy Statement | Legal Notices | Allen-&-Overy