China’s New Privacy Protection Law

Barnea Jaffa Lande & Co.

On November 1, 2021, the new Chinese Personal Information Protection Law (PIPL) will come into effect. This law is modeled after the well-known European General Data Protection Regulation (GDPR).

Like the GDPR, the PIPL will apply not only to Chinese organizations, but also to any organization processing the personal information of people located in China. Therefore, any organization that collects data from China must comply with this new law or risk suffering the consequences.

The principles of the Chinese law are largely the same as those of the GDPR, but with some major differences. Therefore, even if an organization performs all the actions required to comply with the GDPR, it is not necessarily also complying with the PIPL.

For example, the Chinese law imposes separate and distinct restrictions on exports of data collected from China. Unlike the GDPR, the PIPL does not recognize “green” countries to which organizations can transfer information without restriction. Rather, it requires a special arrangement for every export of personal information from China.

Another significant difference concerns the legal grounds for processing information originating from China. The GDPR allows organizations to use the data they collect about people without obtaining their express consent and for purposes that do not directly relate to the product or service they are providing, when the collection is for the “legitimate interests” of the organization or of others. No such possibility exists in the PIPL. Organizations must thus ask themselves whether they may make particular use of information collected from China, even though they may do so in other countries.

Additionally, some organizations that process information originating from China are obligated to appoint a local representative who will be responsible for handling matters related to the protection of personal information.

Sanctions imposed as a result of non-compliance with the PIPL’s requirements:

The PIPL imposes harsher punishment on offenders. Among the sanctions it may impose on violating organizations are administrative fines of up to RMB 50 million (about ILS 25 million) or up to 5% of the organization’s annual business revenue; personal administrative fines on the people responsible in the organization of between RMB 100 thousand and RMB 1 million (between ILS 50-500 thousand); restrictions and bans on the organization’s activity in China; and addition to a blacklist of offender organizations with whom activity is banned.

Although the PIPL is coming into effect within the next few days, it is reasonable to assume that, at least for the next few months, punishment by virtue of the law will be relatively moderate. However, if your business processes information globally or processes a significant amount of information originating from China, we advise you to familiarize yourself with this new law and make the necessary adjustments accordingly.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Barnea Jaffa Lande & Co. | Attorney Advertising

Written by:

Barnea Jaffa Lande & Co.

Barnea Jaffa Lande & Co. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.