Paul McKenzie authored an article for the International Association of Privacy Professionals examining the scope of the Personal Information Protection Law (PIPL), China’s privacy law which came into force in 2021.
“The drafting of the PIPL was heavily influenced by the EU General Data Protection Regulation (GDPR), and follows GDPR closely in many areas,” Paul wrote. “However, it has distinct features, scope, and exclusions that global companies need to understand.”
He added: “The PIPL applies broadly to the handling of personal information (PI) of natural persons that is undertaken within China. It also has extraterritorial reach. Article 3 provides that the PIPL also applies to the handling outside China of PI of natural persons in China under any of the following circumstances: where the purpose is to provide products or services to natural persons in China, where the behavior of natural persons in China is analyzed and evaluated, [and] other circumstances stipulated by laws and administrative regulations.”
Read the full article.