The new law which includes definitions, rules, rights, protections, and consequences around personal data comes at a time when China is cracking down on tech companies in the country. China on Friday passed the Personal Information Protection Law (PIPL), putting in place one of the world's strictest data privacy laws, Wall Street Journal reported. The law, which closely resembles Europe's robust General Data Protection Regulation (GDPR), is set to go into effect on November 1, the report stated. But unlike its European counterpart, which restricts data collection by governments, PIPL gives the Chinese government broad access to data, the report added. What does the Personal Information Protection Law say? MediaNama has done a complete summary of the first draft of the PIPL released in October 2020. The second draft, released on April 2021, does not deviate much from the first. The full text of the final version wasn’t released upon passage. Here is a compilation of some of the most important provisions of the new law: Definition of personal information handler: Organisations and individuals that “autonomously” determine the purposes, methods, and other such aspects of data handling. This is similar to how “data fiduciary” is defined in the Indian PDP Bill or how the GDPR defines “data controller”. From the Bill, it is clear that a personal information handler/data controller must be a private company or individual, unlike the GDPR or Indian PDP Bill where government bodies are also considered data controllers and data fiduciaries, respectively. When can personal information…
