China Passes the Personal Information Protection Law
View Debevoise In Depth
- On August 20, 2021, China’s Standing Committee of the National People’s Congress passed the Personal Information Protection Law (“PIPL”). The law comes into effect on November 1, 2021.
- The PIPL follows the adoption of the Data Security Law in June as the latest regulation of data security in the PRC. The PIPL has been referred to as China’s version of Europe’s General Data Protection Regulation (“GDPR”) given its strict restrictions on the usage, processing, and collection of personal information.
- Like the GDPR, the PIPL has extra-territorial effect.
- While a number of specifics remain unclear or subject to additional regulatory actions, the PIPL represents a significant change to data protection in the Chinese market and will likely require companies to adopt GDPR-style procedures with Chinese characteristics.