On 20 August 2021, the 13th National People's Congress of the People's Republic of China passed the Personal Information Protection Law (中华人民共和国个人信息保护法) ("PIPL"), which will take effect on 1 November 2021. The PIPL, together with the Cybersecurity Law which came into effect on 1 June 2017, and the Data Security Law which came into effect on 1 September 2021, form the core tenets of cybersecurity and data protection in China.
Compared with the second draft of the law, the enacted draft of the PIPL introduced several important new rules that will have a significant impact on how Personal Information Processors such as Internet and social media giants may handle and process Personal Information. This update will examine some of the key highlights of the PIPL.
The Data Security Law of the People's Republic of China (中华人民共和国数据安全法) ("Data Security Law"), which was passed by the Standing Committee of the National People's Congress of the People's Republic of China on 10 June 2021, has come into effect on 1 September 2021. The Data Security Law comprises 55 Articles spread across 7 Chapters, and deals with important issues such as Data Security and Development, Data Security Systems, Data Protection Obligations, and Security and Openness of Governmental Data. This update sets out some of the key highlights of the Data Security Law.