The PRC Personal Information Protection Law and its Regulatory Impact on Multinational Entities
September 24, 2021 | BY
Susan MokJerry (Jianwei) Fang and Runyang Liu of Zhong Lun Law Firm introduce China's Personal Information Protection Law and explain a number of vital compliance considerations for multinational corporations
Summary
|
- The PIPL marks a key step forward in regulation of personal information rights of individuals
- The PIPL sets out fundamental principles as well as a legal and regulatory framework
- The PIPL applies to any processor of the personal information of Chinese natural persons, and can therefore apply to multinational companies based outside of China
- Foreign companies should also take note of the cross-border transfer requirements in relation to personal information
On August 20, 2021, the 30th session of the Standing Committee of the 13th National People's Congress (the NPC) passed the PRC Law on the Protection of Personal Information (the PIPL) (中华人民共和国个人信息保护法). The law takes effect on Nov. 1, 2021. The PIPL contains eight parts and 74 articles, and sets out among other things, the general data protection principles, rules for processing personal information (PI), rights of the individual concerned in the processing of PI, the obligations of the PI handlers (个人信息处理者), and the regulatory authority for regulating processing of PI and protecting PI.
In recent years, China has been active in legislating and regulating the security of data and PI protection
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now