Compared to China’s Cybersecurity Law, which provides that collection of personal information must be based on consent given by the data subject, China’s new Personal Information Protection Law of the People’s Republic China imposes a number of legal obligations on businesses in relation to the collection, processing, provision, transfer, deletion, and destruction of personal data. Under the law, what are the obligations of PIPs, what information should be part of the notification, and what conditions should be met to obtain consent?
