China’s impetus to regulate the use of personal data is less about protecting individuals’ right to privacy, as it is understood in the West, as it is preserving national security and social order.
International companies using Chinese citizens’ data could therefore become “targets” in geopolitical tussles.
If a company outside of China conducts processing activities, the PIPL requires that it set up a special institution or designate a representative in China for handling personal information protection matters, and report the name and contact details of such institution or representative to the Chinese authorities.
Violations of the PIPL may lead to an administrative fine of up to RMB 50 million or 5% of the processor’s turnover in the last year (it is unclear if this is local or global). Other penalties include order for rectification, warning, confiscation of illegal gains, suspension or cessation of service, cessation of operation for rectification, and revocation of operating permits or business licenses. The person-in-charge or other directly liable individuals may also be individually liable and fined or prohibited from acting as directors, supervisors, senior managers or personal information protection officers.
- Need more time to implement changes
- Not processing personal data from Chinese citizens
- First time I heard about it