China strongly signaled this week that its proposed data privacy law, the Personal Information Protection Act (PIPL) is likely to become law after August 20th when it is considered during the 30th sitting of its 2000-strong parliament which convenes between Aug 17-20. The 98th sitting of the Standing Committee of the National People's Congress chaired by Li Zhanshu, the Communist Party's No. 3, approved for consideration over a dozen draft laws among them the PIPL.
While it largely conforms to other data privacy legislations around the world, its articles on the handling of personal information by State organs, and the cross-border transfer of information are noteworthy. Specifically, China proposes to blacklist any third-party organization that breaches its citizens private information and to order that it no longer receive any personal data of individuals domiciled within China. It also proposes retaliatory reciprocity against countries that "discriminate" against China in the area of data protection.
Personal Information Protection Law of the People’s Republic of China (Draft)
Table of Contents
Chapter I: General Provisions
Chapter II: Personal Information Handling Rules
Section I: Common Provisions
Section II: Rules for Handling Sensitive Personal Information
Section III: Specific Provisions on State Organs Handling Personal Information
Chapter III: Rules on the Cross-Border Provision of Personal Information
Chapter IV: Individuals’ Rights in Personal Information Handling Activities
Chapter V: Personal Information Handlers’ Duties
Chapter VI: Departments Fulfilling Personal Information Protection Duties and Responsibilities
Chapter VII: Legal Liability
Chapter VIII: Supplemental Provisions