On August 20, 2021, the Standing Committee of the National People’s Congress promulgated the Personal Information Protection Law (PIPL), which will become effective on November 1, 2021. The PIPL is the first comprehensive national level personal information protection law in China, which systematically regulates the processing of personal information by entities and individuals. The PIPL, together with the Cybersecurity Law, which was promulgated in 2017, and the Data Security Law, which was promulgated earlier this year, form the three pillars of China’s comprehensive data protection legal regime.

This Alert provides a summary of the highlights of the PIPL, discusses the implications on domestic and foreign businesses operating in China, and compares the PIPL with the European Union (EU) General Data Protection Regulation (GDPR), which has greatly influenced many of the concepts included in the PIPL.
Continue Reading China Passes Personal Information Protection Law

On March 6, 2020, the China Standardization Administration and the State Administration for Market Regulation jointly released an updated version of the Personal Information Security Specification (the “Specification”) which will become effective on October 1, 2020.[1] The updated Specification updates the current Specifications[2] that have been in effect since May 1, 2018, and is the result of a revision effort by the Specification’s drafters, that included a series of interim drafts published for public comment on January 30, 2019, June 21, 2019, and most recently, on October 22, 2019, in order to address certain loopholes and practices leading to excessive collection of personal information.
Continue Reading China Updates its Personal Information Security Specification