On 20 August 2021, China's much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling of both personal and non-personal data in China. The PIPL has often been compared with the EU General Data Protection Regulation (GDPR) and while this statement is largely true there are many points of difference between the two regimes. For example, the cross border transfer restrictions and extra-territorial application of the PIPL are broader than the equivalent provisions in the GDPR. We discuss this, as well as some of the key aspects of the PIPL, in this Legal Update.
