Ignore China’s New Data Privacy Law at Your Peril

China's 989 million internet users may not be used to digital privacy, but that could be changing. The country's first comprehensive data privacy law was implemented on November 1. It increased the protections for hundreds of millions of users. This law will not only change the way companies in China conduct business but it will also have a huge impact on the rest of the world.
The Personal Information Protection Law (PIPL) has been updated. It places more restrictions on the use of personal data by companies and individuals who handle it. China's latest attempt to limit the unchecked growth in its tech giants is represented by the Personal Information Protection Law (PIPL).

The law will not only stop illegal data trading and theft in China but it also serves the government's national security interests. It builds on recent cybersecurity and data security laws. Companies from overseas that do not comply with PIPL and harm China's national security may be placed onto a blacklist. This could ban them processing personal data in China. It also opens the door for international tit-fortat retaliation. Yahoo closed down all remaining services in China on the day that the law was passed. This was due to the increasingly difficult business and legal climate.

PIPL is actually focusing on national security, society and individuals because of its unique Chinese political system. Alexa Lee is a senior manager of policy for the Information Technology Industry Council. She also serves as an associate editor for Stanford University's DigiChina project which translated the PIPL into English.

China's personal privacy law mirrors some aspects of Europe's comprehensive General Data Protection Regulation (GDPR). Lee states that PIPL is a copy of GDPR for individuals. Both PILP as well as GDPR allow individuals to access the information they have been given, to request corrections and deletions, or to withdraw their consent for their data to be used by a company. Sometimes the laws are almost identical in some cases.

Individual privacy is at risk from the Chinese government, and I'm not sure if they will be. Omer Tene, Goodwin

Companies must protect personal information of individuals. China has made it mandatory for companies to employ data protection officers. This move has boosted demand. The GDPR also includes the possibility of huge fines. A company that violates PIPL can face fines up to 50m yuan ($7.8m) or 5 percent its annual revenue. This is roughly equivalent to GDPRs 23% and 4 percent thresholds.

The Cyberspace Administration of China is in charge of the PIPL. This regulator oversees the approval list of news sources and other aspects of internet access. The state-backed regulators in China are a stark contrast with the independent European data regulators found in all the blocs. Although GDPR enforcement has been slow at best, the CAC could take a more strict line against companies that violate its laws. As ride-hailing giant DiDis went public in New York, the CAC sent teams of experts to examine its data handling.