PIPL (Personal Information Protection Law, China)
¿Qué es PIPL (Personal Information Protection Law, China)?
PIPL (Personal Information Protection Law, China)China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
The Personal Information Protection Law of the People's Republic of China (PIPL) entered into force on 1 November 2021 and, together with the Cybersecurity Law (CSL, 2017) and the Data Security Law (DSL, 2021), forms the core of China's data-governance regime. PIPL applies to processing of personal information of natural persons within China and to processing outside China that targets Chinese residents. Personal-information handlers must process on a lawful basis (consent, contract necessity, statutory duty, public-health emergency, public interest, public-information), provide transparent notices, honour rights of access, correction, deletion, and decision review (including against automated profiling), and conduct Personal Information Protection Impact Assessments before sensitive-data or cross-border processing. Cross-border transfer requires one of: a security assessment by the Cyberspace Administration of China (CAC), a certification by a CAC-approved body, the Chinese standard contractual clauses, or another mechanism. Penalties include fines up to ¥50 million or 5 % of annual revenue, suspension or revocation of licenses, and personal liability for responsible individuals. Compliance is enforced by CAC and sectoral regulators.
● Ejemplos
- 01
A multinational reorganizes its data flows so EU customer data and Chinese customer data live in regionally isolated stacks, each with its own SCC-equivalent cross-border mechanism.
- 02
A Chinese e-commerce platform conducts a PIPIA before launching a personalized-pricing feature, then offers users an explicit opt-out from automated decision-making per PIPL Article 24.
● Preguntas frecuentes
¿Qué es PIPL (Personal Information Protection Law, China)?
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China. Pertenece a la categoría de Cumplimiento y marcos en ciberseguridad.
¿Qué significa PIPL (Personal Information Protection Law, China)?
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
¿Cómo funciona PIPL (Personal Information Protection Law, China)?
The Personal Information Protection Law of the People's Republic of China (PIPL) entered into force on 1 November 2021 and, together with the Cybersecurity Law (CSL, 2017) and the Data Security Law (DSL, 2021), forms the core of China's data-governance regime. PIPL applies to processing of personal information of natural persons within China and to processing outside China that targets Chinese residents. Personal-information handlers must process on a lawful basis (consent, contract necessity, statutory duty, public-health emergency, public interest, public-information), provide transparent notices, honour rights of access, correction, deletion, and decision review (including against automated profiling), and conduct Personal Information Protection Impact Assessments before sensitive-data or cross-border processing. Cross-border transfer requires one of: a security assessment by the Cyberspace Administration of China (CAC), a certification by a CAC-approved body, the Chinese standard contractual clauses, or another mechanism. Penalties include fines up to ¥50 million or 5 % of annual revenue, suspension or revocation of licenses, and personal liability for responsible individuals. Compliance is enforced by CAC and sectoral regulators.
¿Cómo defenderse de PIPL (Personal Information Protection Law, China)?
Las defensas contra PIPL (Personal Information Protection Law, China) combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para PIPL (Personal Information Protection Law, China)?
Nombres alternativos comunes: Personal Information Protection Law, 中国个人信息保护法.
● Términos relacionados
- compliance№ 488
RGPD
Reglamento General de Protección de Datos de la Unión Europea que regula el tratamiento de datos personales de personas en la UE y el EEE.
- compliance№ 393
DPDP Act (Digital Personal Data Protection Act, India)
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
- privacy№ 314
Residencia de datos
Exigencia de que los datos se almacenen físicamente —y a veces se procesen— dentro de un país o región determinada, por contrato, demanda del cliente o regulación sectorial.
- privacy№ 316
Soberanía de datos
Principio según el cual los datos quedan sujetos a las leyes y estructuras de gobernanza del país en el que se recogen, almacenan o procesan, con independencia de la sede del proveedor.
- compliance№ 1085
SCC
Las Clausulas Contractuales Tipo son modelos aprobados por la Comision Europea que proporcionan garantias conformes al RGPD para las transferencias de datos personales fuera del EEE.
- privacy№ 914
Información de Identificación Personal (PII)
Cualquier dato que permita identificar a una persona específica por sí solo o combinado con otra información, como nombres, identificadores o registros biométricos.