Keypoint: China’s Personal Information Protection Law is a complicated regulatory regime that will require U.S. entities subject to its requirements to undertake substantial compliance efforts.
Effective November 1, 2021, China will become the latest country to enact a national data privacy law akin to Europe’s General Data Protection Regulation (GDPR). The new law – entitled the Personal Information Protection Law of the People’s Republic of China or “PIPL” – will require foreign companies, including U.S. companies, operating in China (and in some cases, operating purely outside of China) to undertake new compliance efforts.
To facilitate that process, below is a general discussion of PIPL and some of its more notable provisions. For reference, PIPL has been translated into English by DigiChina, which has a wealth of resources available on its website for those interested in further reading on this new law.