1. China’s legislature edges closer to finalizing data privacy regime
At a glance: The National People’s Congress (NPC) Standing Committee issued the second draft of its Personal Information Protection Law (PIPL) for public comments. Notable changes since the first draft was released in October 2020 include:
- Expansion of the law’s scope to cover private data use by big tech companies, which are required to establish independent bodies to supervise the handling of personal information
- Penalties of up to CNY 1 million for the transfer of domestically stored personal information to foreign authorities without government permission
- Requirement for companies to give users the choice of whether to receive automated, personalized advertisements based on their personal information
The NPC simultaneously issued the second draft of its Data Security Law (DSL) for review, which, among other things, increases the fines for data security violations for companies and responsible personnel.
MERICS comment: The release of these second drafts represents a big step toward finalizing China’s comprehensive legislative framework for data protection – a key regulatory focus since the implementation of the Cybersecurity Law in 2017.