PIPL (Personal Information Protection Law, China).

China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China. サイバーセキュリティの コンプライアンスとフレームワーク カテゴリに属します。

China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.

The Personal Information Protection Law of the People's Republic of China (PIPL) entered into force on 1 November 2021 and, together with the Cybersecurity Law (CSL, 2017) and the Data Security Law (DSL, 2021), forms the core of China's data-governance regime. PIPL applies to processing of personal information of natural persons within China and to processing outside China that targets Chinese residents. Personal-information handlers must process on a lawful basis (consent, contract necessity, statutory duty, public-health emergency, public interest, public-information), provide transparent notices, honour rights of access, correction, deletion, and decision review (including against automated profiling), and conduct Personal Information Protection Impact Assessments before sensitive-data or cross-border processing. Cross-border transfer requires one of: a security assessment by the Cyberspace Administration of China (CAC), a certification by a CAC-approved body, the Chinese standard contractual clauses, or another mechanism. Penalties include fines up to ¥50 million or 5 % of annual revenue, suspension or revocation of licenses, and personal liability for responsible individuals. Compliance is enforced by CAC and sectoral regulators.

PIPL (Personal Information Protection Law, China) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: Personal Information Protection Law, 中国个人信息保护法。