China’s Personal Information Protection Law

China’s first privacy law, the Personal Information Protection Law, went into effect on 1 November 2021.1 Driven by security and privacy concerns, the law established the legal framework and principles for processing the personal data of people residing within the territory of China. The law shares some of the principles and concepts in the EU’s General Data Protection Regulation (GDPR), although stated in broader terms.Like GDPR, the Chinese law aims to empower individuals by giving them control over their data. Personal data are defined as “information related to an identified or identifiable natural person recorded electronically or by other means, but do not include anonymised information.”1 Health data, classified as sensitive, must be processed through a rigorously regulated pathway, with clear justification for the proposed use and unambiguous consent. Importantly, while the new law does not cover fully anonymised data, it does apply to data that have been “de-identified” since…
Read Original Article: China’s Personal Information Protection Law »