Estimated reading time: 1 minute, 36 seconds

China’s Personal Information Protection Law May Ripple Globally  

China’s first comprehensive data privacy law came into effect earlier this month, and experts warn the law’s impact will be felt around the world.

china 156219 640smallAs Wired reports reports, the Personal Information Protection Law tightens rules on how companies use customers’ data and is joined at the hip with national security policy in Beijing. Multinational corporations that run afoul of PIPL could be effectively banned from handling Chinese personal information.

Yahoo shuttered its remaining Chinese operations when PIPL took effect on November 1. The tech company pointed to an “increasingly challenging business and legal environment.” LinkedIn left in October citing similar worries.

Like Europe’s General Data Protection Regulation, PIPL allows people to see their data, ask for corrections or deletions and withdraw their consent for a company to process their data. Yet while the GDPR sets up independent data regulators in each of the European Union’s countries, PIPL is overseen by China’s state-backed internet regulator. According to Wired, under PIPL, “any reasonable-sized company operating in and out of China could be swept up in [a national-security] review process."

No organization looking to do business can afford to ignore PIPL, cautions Isabelle Hajjar, cybersecurity and privacy head of compliance for digital risks and security firm TekID, and Mathieu Gorge, founder of cybersecurity company VigiTrust. Writing in VentureBeat, they advise running a compliance self-evaluation, knowing the PIPL risks of every decision and continuing to audit compliance regularly.

As cybersecurity risk-assessment firm ACA Aponix notes in a report on PIPL, similar to GDPR, the law applies to companies without a physical presence in China, if the companies are targeting people within China or monitoring their data.

According to ACA Aponix, organizations should take inventory of their personal data assets, including specifics about sensitive personal data elements, cross-border transfers and third-party relationships. ACA Aponix also recommends a records management program that requires secure disposal or personal data after a certain retention period.

Read 1396 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.