PIPL is the first special law on personal information protection in China. It is published on October 21, 2020. The full name is the Personal Information Protection Law of the People ‘s Republic of China.
It has significant impact on the activities of organizations and individuals dealing with personal information in China.
The Personal Information Protection Law, along with the Data Security Law，mark two major regulations set to govern China’s internet in the future.
It takes effect on 1st Nov 2021.
China PIPL is heavily based on consent. No “legitimate interest” base for processing.
It requires foreign companies operating in China to appoint a local representative who bears responsibility for PIPL compliance.
It requires submission of cross border data transfers to a CAC security assessment.
It requires large data handlers (to be defined by CAC) to localize data in China.
Cyberspace Administration of China (CAC) is the regulator of PIPL. This is different DPA from the ones companies are used to dealing with in the EU or US.
Use a consent management platform like UniConsent to offer consumers full control of data collection, opt-out features, manage the preferences communication for PIPL compliance together with GDPR.