Top-5 Operational Impacts of China’s PIPL

Last Updated: March 2022

China’s Personal Information Protection Law, or PIPL, enacted Nov. 1, 2021, has rewritten the rules of the global privacy landscape. Many commentators have described it as one of the strictest privacy regimes on the planet. Akin to EU General Data Protection Regulation, it also applies extraterritorially to companies that handle any personal data from China, provide products or services to Chinese residents, or analyze the behavior of Chinese consumers.

This five-part IAPP series, the “Top-5 Operational Impacts of China’s PIPL,” is written by a host of experts on Chinese law. It explores the most important features of China’s PIPL, from requirements around sensitive personal information, data subject rights and international data transfers, to the bases for handling data, DPO responsibilities, and enforcement mechanisms and penalties. The IAPP Resource Center hosts a "China" topic page, and links to in-language and English translations of the PIPL can be found in the IAPP's "Global Privacy Law and DPA Directory".

  • Part 1: Scope, key definitions and lawful processing of data
  • Part 2: Obligations and rights
  • Part 3: Personal information protection officer
  • Part 4: Penalties and enforcement mechanisms
  • Part 5: International data transfers