• Search in Protiviti.com

What is the Personal Data Protection Law of China (PIPL)?

Point of View: China’s Cybersecurity Law: Personal Information Protection Overview

下载

As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this Point of View (POV) highlights a key area pertaining to personal information protection.

Personal information is defined as information that can be used individually or in combination with other information to identify a person. Requirements around the dissemination and management of personal information by network operators are prescribed within the Cybersecurity Law and are closely linked to the national standard of personal information protection, the Personal Information Security Specification (“the Specification”).

The enforcement of personal information protection is primarily based on the Territoriality Principle: all legal entities operating in mainland China must comply with legal requirements, and authorities can prosecute offenses committed within the Chinese border. This means that both local and multi-national companies operating within mainland China are accountable for personal information protection and must comply with requirements outlined in the Cybersecurity Law and the Specification. It is therefore essential that companies understand these requirements and address the potential compliance challenges discussed in this POV.

下载

Overview of Personal Information Protection

Both the Cybersecurity Law and the Specification prescribe a set of principles for network operators around personal information protection. Although the Specification is neither a law nor a regulation and cannot legally make any official judicial interpretations of the Cybersecurity Law, it is one of the most important national standards concerning the protection of personal information in China. Corporations are recommended to comply with the Specification to demonstrate compliance with the personal information protection requirements under the Cybersecurity Law.

Since late 2018, the Cybersecurity Law has been referenced by the Ministry of Public Security, the Ministry of Industry and Information Technology, the Cyberspace Administration of China (CAC), and State Administration for Market Regulation during investigations and prosecutions of illegal acts. Going forward, the Specification and other upcoming rules and measures will be utilized and developed by regulatory authorities to facilitate law enforcement.

Compliance Requirements of Personal Information Protection

Under the Cybersecurity Law, network operators are required to fulfill certain technical security measures and compliance procedures to protect personal information. Furthermore, the Specification, along with other laws and administrative rules from regulatory authorities, are applied to the Cybersecurity Law for clarification, interpretation, and stipulation.

Protiviti Consulting (Shanghai) Co. Ltd. (甫瀚咨询(上海)有限公司) is a Member Firm in China of the Protiviti network of independent and locally owned consulting firms that operate under the Protiviti name. Member Firms are autonomous companies, are not agents of Protiviti Inc. or other firms in the Protiviti network and have no authority to obligate or bind other firms in the Protiviti network. 甫瀚咨询(上海)有限公司是Protiviti网络下的中国成员公司,Protiviti网络由成立于全球各地的采用Protiviti名称独立经营的咨询公司组成。成员公司具有自主经营权,并非Protiviti Inc.或Protiviti网络下的其他公司的代理人,且并未获得使Protiviti网络下的其他公司承担义务或约束该等其他公司的授权。

Loading...