China’s Personal Data Law – Legal and Practical Assessment of Compliance Risk
By:
The implementation of the Personal Information Protection Law (“PIPL”) in 2021 establishes a legal framework that regulates the collection of personal information (“PI”) in China, applying to both foreign and domestic companies. The law also governs the cross-border transfer (or export, used interchangeably) of PI and has extraterritorial effects. Foreign companies processing Chinese PI from their home countries are subject to PIPL’s scrutiny, requiring them to either establish an entity in China or designate a Chinese representative. This local entity or representative must comply with PIPL requirements and register with the Cyberspace Administration of China (“CAC”).
Article 38 of PIPL outlines the obligations for companies exporting PI, whether belonging to Chinese or foreign nationals. Companies must choose one of the following options:
a) Successfully undergo a security assessment by CAC. b) Enter into a standard contract with the overseas PI recipient, filing it along with a PI Protection Impact Assessment at the provincial level CAC. c) Obtain certification from an accredited institution.
According to the Measures for Security Assessment of Data Cross-border Transfer, data processors meeting specific criteria, such as those transferring important data, serving as key information infrastructure operators, or handling PI for over 1 million people, must opt for security assessments (Option a). Options b and c are not available for entities meeting these criteria. Additionally, these security assessments apply to data processors exporting PI of over 100,000 subjects or Sensitive PI of over 10,000 subjects since January 1st of the previous year…
Featured News
Big Tech Braces for Potential Changes Under a Second Trump Presidency
Nov 6, 2024 by
CPI
Trump’s Potential Shift in US Antitrust Policy Raises Questions for Big Tech and Mergers
Nov 6, 2024 by
CPI
EU Set to Fine Apple in First Major Enforcement of Digital Markets Act
Nov 5, 2024 by
CPI
Six Indicted in Federal Bid-Rigging Schemes Involving Government IT Contracts
Nov 5, 2024 by
CPI
Ireland Secures First €3 Billion Apple Tax Payment, Boosting Exchequer Funds
Nov 5, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Remedies Revisited
Oct 30, 2024 by
CPI
Fixing the Fix: Updating Policy on Merger Remedies
Oct 30, 2024 by
CPI
Methodology Matters: The 2017 FTC Remedies Study
Oct 30, 2024 by
CPI
U.S. v. AT&T: Five Lessons for Vertical Merger Enforcement
Oct 30, 2024 by
CPI
The Search for Antitrust Remedies in Tech Leads Beyond Antitrust
Oct 30, 2024 by
CPI