© All rights reserved to Barnea Jaffa Lande Law offices

How Can China’s New Privacy Protection Law Affect Your Business?

On November 1, 2021, the new Chinese Personal Information Protection Law (PIPL) will come into effect. This law is modeled after the well-known European General Data Protection Regulation (GDPR).

Like the GDPR, the PIPL will apply not only to Chinese organizations, but also to any organization processing the personal information of people located in China. Therefore, any organization that collects data from China must comply with this new law or risk suffering the consequences.

The principles of the Chinese law are largely the same as those of the GDPR, but with some major differences. Therefore, even if an organization performs all the actions required to comply with the GDPR, it is not necessarily also complying with the PIPL.

For example, the Chinese law imposes separate and distinct restrictions on exports of data collected from China. Unlike the GDPR, the PIPL does not recognize “green” countries to which organizations can transfer information without restriction. Rather, it requires a special arrangement for every export of personal information from China.

Another significant difference concerns the legal grounds for processing information originating from China. The GDPR allows organizations to use the data they collect about people without obtaining their express consent, and for purposes that do not directly relate to the product or service they are providing, when the collection serves the “legitimate interests” of the organization or of others. No such possibility exists in the PIPL. Organizations must thus ask themselves whether they may make a particular use of information collected from China, even if they may make that use in other countries.

Additionally, some organizations that process information originating from China must appoint a local representative. This local representative will handle matters related to the protection of personal information.

Sanctions imposed as a result of non-compliance with the PIPL’s requirements:

The PIPL imposes harsher punishment on offenders. Among the sanctions it may impose on violating organizations are administrative fines of up to RMB 50 million (about ILS 25 million) or up to 5% of the organization’s annual business revenue; personal administrative fines on the people responsible in the organization of between RMB 100 thousand and RMB 1 million (between ILS 50 thousand and ILS 500 thousand); restrictions and bans on the organization’s activity in China; and placement on a blacklist of offending organizations with which activity is banned.

Although the PIPL is coming into effect within the next few days, it is reasonable to assume that, at least for the next few months, punishment by virtue of the law will be relatively moderate. However, if your business processes information globally or processes a significant amount of information originating from China, we advise you to familiarize yourself with this new law and make the necessary adjustments accordingly.
