PIPL (Personal Information Protection Law, China)
What is PIPL (Personal Information Protection Law, China)?
PIPL (Personal Information Protection Law, China): China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
The Personal Information Protection Law of the People's Republic of China (PIPL) entered into force on 1 November 2021 and, together with the Cybersecurity Law (CSL, 2017) and the Data Security Law (DSL, 2021), forms the core of China's data-governance regime. PIPL applies to processing of personal information of natural persons within China and to processing outside China that targets Chinese residents. Personal-information handlers must process on a lawful basis (consent, contract necessity, statutory duty, public-health emergency, public interest, public-information), provide transparent notices, honour rights of access, correction, deletion, and decision review (including against automated profiling), and conduct Personal Information Protection Impact Assessments before sensitive-data or cross-border processing. Cross-border transfer requires one of: a security assessment by the Cyberspace Administration of China (CAC), a certification by a CAC-approved body, the Chinese standard contractual clauses, or another mechanism. Penalties include fines up to ¥50 million or 5 % of annual revenue, suspension or revocation of licenses, and personal liability for responsible individuals. Compliance is enforced by CAC and sectoral regulators.
● Examples
- 01
A multinational reorganizes its data flows so EU customer data and Chinese customer data live in regionally isolated stacks, each with its own SCC-equivalent cross-border mechanism.
- 02
A Chinese e-commerce platform conducts a PIPIA before launching a personalized-pricing feature, then offers users an explicit opt-out from automated decision-making per PIPL Article 24.
● Frequently asked questions
What is PIPL (Personal Information Protection Law, China)?
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China. This concept belongs to the category Compliance and frameworks in cybersecurity.
How do you defend against PIPL (Personal Information Protection Law, China)?
Defenses against PIPL (Personal Information Protection Law, China) usually combine technical controls and operational practices, as detailed in the definition above.
What are the other names for PIPL (Personal Information Protection Law, China)?
Common alternative names: Personal Information Protection Law, 中国个人信息保护法.
● Related terms
- compliance№ 488
GDPR
General Data Protection Regulation of the European Union, governing the processing of personal data of individuals located in the EU and the EEA.
- compliance№ 393
DPDP Act (Digital Personal Data Protection Act, India)
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
- privacy№ 314
Data residency
Requirement that data be physically stored, or even processed, in a given country or region, as a result of contracts, customer requirements or sectoral regulations.
- privacy№ 316
Data sovereignty
Principle that data is subject to the laws and governance structures of the country in which it is collected, stored or processed, regardless of where the provider is headquartered.
- compliance№ 1085
Standard Contractual Clauses (SCC)
Standard contractual clauses: contract templates approved by the European Commission that provide GDPR-compliant safeguards for transfers of personal data outside the EEA.
- privacy№ 914
Personally identifiable information (PII)
Any data that makes it possible to identify a person, alone or combined with other information, such as a name, an identifier or a biometric record.