ADVERTISEMENT

How China's new data privacy law impacts global firms?

November 02, 2021 09:12 am | Updated 10:21 am IST

Today's Cache dissects big themes at the intersection of technology, business and policy.

John Xavier
The Chinese national flag is seen in Beijing, China

China’s personal data protection law came into effect on November 1.

ADVERTISEMENT

ADVERTISEMENT

 

In the past 12 months, China has been coming down heavily on businesses that store or process its citizens’ data. After two rounds of draft versions, the Standing Committee of the National People's Congress passed the country’s personal data protection law in August.

Sign up for newsletters, unlock features and do more on The Hindu
LOG IN
Support our reporting.
SUBSCRIBE NOW

The law comes into effect on November 1, and could significantly increase the burden and cost of data privacy compliance for organisations operating in China.  

ADVERTISEMENT

Dubbed as China's version of EU’s General Data Protection Regulation (GDPR), the Personal Information Protection Law (PIPL) mandates companies to obtain consent from people for collecting, storing, processing, and transferring their personal data.

It requires critical data infrastructure operators to get consent from users to store their data on the company’s servers located in the country. These firms must also ask for user’s consent before exceeding personal data threshold prescribed by the law.

Also Read | China proposes guidelines on internet platform responsibilities

PIPL is not limited to companies processing consumers’ data. It will also apply to employers as they qualify as data controllers, according to the new law.  That means every company will have to comply with the requirements in collecting and processing employees’ personal data.

Organisations found in violation of the new law may face severe penalties, including a fine of up to 5% of their previous year's turnover, revocation of license to do business in China, and personal liabilities for company executives.

Extra-territorial reach

An important aspect of PIPL is its extended reach, which goes beyond the country’s borders. Existing laws do not have a binding effect on extra-territorial jurisdiction, but PIPL has. It explicitly specifies the broad reach of its jurisdiction.

This can impact “foreign companies and overseas parent companies of Chinese subsidiaries that process personal information collected from the Chinese market as the data collected in China will now be subject to the various personal information protection requirements under the PIPL,” according to international law firm Morgan Lewis.

Failure to comply may put companies on "blacklist" that would restrict them from receiving personal data from China.

 

To get Today's Cache delivered to your inbox, subscribe here .

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
unlock them all
SUBSCRIBE NOW
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
You have exhausted your free article limit.
Please support quality journalism.
SUBSCRIBE NOW
or read this article by Downloading The Hindu News app
If you're already a subscriber
The Hindu operates by its editorial values to provide you quality journalism.
Support our reporting.
SUBSCRIBE NOW
This is your last free article.
to read unlimited content from The Hindu
SUBSCRIBE NOW
Get The Hindu News App on
Get The Hindu News App on

ADVERTISEMENT

ADVERTISEMENT

To enjoy additional benefits

Make most of your subscription

Crossword+

CONNECT WITH US