On October 21, 2020, the Personal Information Protection Law (Draft) (hereinafter referred to as the "PIPL" or "Draft") was officially announced to the public and solicited comments after the first review by the Standing Committee of the National People's Congress. Generally, the PIPL has borrowed a number of regulatory approaches from the GDPR (General Data Protection Regulations) including extraterritorial application, more lawful bases other than consent for processing personal information ("PI"), cross-border transfer through certification and contractual protection, fines based on a certain percentage of the turnover, and so on.

As the country's first comprehensive law in the area of PI protection, the PIPL aims to "protect the rights and interests of individuals," "regulate personal information processing activities," "safeguard the lawful and orderly flow of data," and "facilitate reasonable use of personal information". This alert will interpret the PIPL from 11 key words to give you a high-level overview of this significant legislation.

Please click here to view the full report

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.