On summer 2021, the National People’s Congress of the People’s Republic of China (‘PRC’) successively passed two regulations increasing the control of Chinese authorities over cross-border data flows and personal information protection: the Data Security Law (‘DSL’) and the Personal Information Protection Law (‘PIPL’).
On one hand, the DSL focuses on important and sensitive data and national security considerations by regulating how data is used, collected, developed and protected in PRC. The new measures also aim at coordinating data security implementation among governments and set up different levels of fines based on severity of violations.
On the other hand, the PIPL concerns the use and collection of personal information of individuals in PRC. To this matter, the PIPL implements strict guidelines on how companies should handle such kind of data, especially for processing personal information oversea or with a third party in PRC.