MONTH-IN-BRIEF (Aug 2021)
China Enacts Data Protection Law
By Jeffrey Wilson, JunHe
On August 20, 2021, China’s Standing Committee of the National People’s Congress approved the Personal Information Protection Law (“PIPL”). The law takes effect on November 1, 2021.
The PIPL is the first comprehensive law on the protection of personal information in China. The law covers issues related to the entire life cycle of personal information, from its creation to its deletion, and is similar, but not identical, to the European Union’s General Data Protection Regulation. The PIPL adopts a relatively broad definition of “Personal information,” defining it as all kinds of information, recorded electronically or by other means, related to identified or identifiable natural persons. The PIPL imposes and will be interpreted in accordance with the general principles of good faith, necessity, transparency, having a clear and reasonable purpose, limiting the processing to the minimum scope needed to achieve the processing purpose, and ensuring the accuracy of information processed.
Further clarification is expected as the PIPL explicitly calls on central government authorities to enact further regulations. Moreover, local authorities may also be expected to issue their own regulations and interpretations.