In a five-part series, several facets of the Personal Information Protection Law of the People’s Republic of China, are examined. The Law went into force November 1, after two rounds of public consultation. The drafting of the PIPL was heavily influenced by the EU GDPR and follows GDPR closely in many areas. However, it has distinct features, scope, and exclusions that global companies need to understand. Even more, it remains uncertain whether an online company based outside China will become subject to the PIPL merely because it allows a Chinese resident to register an account or when its services are actively marketed to Chinese residents. What are the law’s scope, key definitions, and handling guidelines?
