In August, China passed the Personal Information Protection Law (PIPL). This legislation marks China’s first comprehensive legal attempt to define personal information and regulate the storing, transferring, and processing of personal information. The law requires companies that are considered critical information infrastructure operators must store data collected in mainland China locally. And, these companies must also undergo a security assessment to gain approval to send any of that data overseas.
While the PIPL has been compared to Europe’s General Data Protection Regulation (GDPR), China defines personal information more broadly than many other countries. For example, even if certain data may not be able to identify a user, it could still fall under the PIPL as long as it is “related to identified or identifiable natural persons”.
For companies in possession of large amounts of personal information or of data on critical information infrastructure, it will be more difficult to transfer data from China to other countries due to the mandatory security assessment. Given the broad scope of the laws, some companies might choose to outsource management of data related to China.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.