China passes new personal data privacy law, to take effect Nov. 1

On Friday, China passed a significant data protection law (Personal Information Protection Law (PIPL), which contains a comprehensive set of rules around data collection, processing, and protection. It lays out tougher rules on how companies can collect and use their user’s information. It will come into effect on November 1.

The law, one of the world’s toughest on personal data security, will make it harder and expensive for tech firms in China to access and use consumer information.

According to Xinhua, the law aims to protect privacy by offering individuals the legal right to say no to excessive data collection by business entities and even certain government agencies.

The law also states that companies must obtain individual consent to obtain sensitive personal information such as biometrics, medical health, financial accounts, and location. For platforms that illegally collect personal information, regulators can suspend or terminate the provision of their services.

The law results from the growing concern in Beijing about the amount of data being collected by companies— particularly in the internet sector, and the potential implications. That is why a data governance framework is being established to ensure the security of essential data, regulating how businesses collect and use sensitive personal data while encouraging the circulation of less sensitive data to unleash its economic value. The PIPL and the Data Security Law, and local data regulations aim to tackle these data-related issues.

A final version of the law hasn’t been published yet, but a previous draft contains rules around consent requirements for data protection and penalty for companies on non-compliance.

If you have any queries then you can contact our experts at or by clicking the below link!

Post a comment

Your email address will not be published. Required fields are marked *