On November 1, 2021, the new law governing privacy in the People's Republic of China (PRC) came into effect. The Personal Information Protection Law (PIPL)[1] contains substantive privacy obligations and has the potential to significantly impact organizations operating both within and outside of the PRC.
PIPL comes at a time of increased regulatory focus on tech companies operating in the PRC. Organizations subject to the law were also given a relatively short runway: the law was only passed by the Standing Committee of the National People's Congress, the main legislative body of the PRC, on August 20, 2021.
An overview of PIPL's scope of application, central principles and restrictions on cross-border transfers is set out below.
Please log in to read the full article.