PIPL (Personal Information Protection Law, China)
What is PIPL (Personal Information Protection Law, China)?
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China.
The Personal Information Protection Law of the People's Republic of China (PIPL) entered into force on 1 November 2021 and, together with the Cybersecurity Law (CSL, 2017) and the Data Security Law (DSL, 2021), forms the core of China's data-governance regime. PIPL applies to processing of personal information of natural persons within China and to processing outside China that targets Chinese residents. Personal-information handlers must process on a lawful basis (consent, contract necessity, statutory duty, public-health emergency, public interest, public-information), provide transparent notices, honour rights of access, correction, deletion, and decision review (including against automated profiling), and conduct Personal Information Protection Impact Assessments before sensitive-data or cross-border processing. Cross-border transfer requires one of: a security assessment by the Cyberspace Administration of China (CAC), a certification by a CAC-approved body, the Chinese standard contractual clauses, or another mechanism. Penalties include fines up to ¥50 million or 5 % of annual revenue, suspension or revocation of licenses, and personal liability for responsible individuals. Compliance is enforced by CAC and sectoral regulators.
● Examples
- 01
A multinational reorganizes its data flows so EU customer data and Chinese customer data live in regionally isolated stacks, each with its own SCC-equivalent cross-border mechanism.
- 02
A Chinese e-commerce platform conducts a PIPIA before launching a personalized-pricing feature, then offers users an explicit opt-out from automated decision-making per PIPL Article 24.
● Frequently asked questions
What is PIPL (Personal Information Protection Law, China)?
China's comprehensive personal-information protection statute, effective November 2021, with GDPR-like data subject rights, strict cross-border transfer requirements, and substantial penalties enforced by the Cyberspace Administration of China. It belongs to the Compliance & Frameworks category of cybersecurity.
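How do you defend against PIPL (Personal Information Protection Law, China)?
Defending against PIPL (Personal Information Protection Law, China) typically combines technical controls with operational practices; see the full definition above.
What other names does PIPL (Personal Information Protection Law, China) have?
Common aliases include: Personal Information Protection Law, 中国个人信息保护法.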
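● Related terms
- compliance № 488
GDPR (EU General Data Protection Regulation)
The EU General Data Protection Regulation, which governs the processing of personal data of individuals located in the EU and the European Economic Area.
- compliance № 393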
DPDP Act (Digital Personal Data Protection Act, India)
India's first comprehensive personal-data protection statute, enacted in August 2023 and being progressively operationalized, requiring lawful purpose for processing, consent notices, data-principal rights, breach notification, and a Data Protection Board of India.
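- privacy № 314
Data residency
A requirement, driven by contracts, customers, or industry regulation, that data be physically stored (and sometimes also processed) within a specific country or region.
- privacy № 316
Data sovereignty
The principle that data is subject to the laws and governance structures of the country where it is collected, stored, or processed, regardless of where the service provider is headquartered.
- compliance № 1085
SCC
Standard Contractual Clauses are contract templates approved by the European Commission that provide GDPR-compliant safeguards for transferring personal data outside the European Economic Area (EEA).
- privacy № 914
Personally identifiable information (PII)
Any data that can be used, alone or combined with other information, to identify a specific individual, such as a name, an identifier, or a biometric record.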