Blog / Comparing the China's PIPL vs. The EU's GDPR 2022

Comparing the China's PIPL vs. The EU's GDPR 2022

The PIPL is often likened to the GDPR, as the China-government equivalent of EU regulation. This article highlights some key similarities and differences between the two documents. 

This guide is for informational purposes only, and does not constitute professional legal advice. Consult independent legal advice for information specific to your circumstances. Chinafy is not liable to you in any way for your use of or reliance on this information. 

Key Similarities between the PIPL & the GDPR

Both relate to the collection, storage, use, processing, transmission, provision, public disclosure, deletion and any operation which is performed on personal information. 

Both are extraterritorial and thus applies for offshore controllers

Both require Data Protection Impact Assessments in certain situations

Both have a data breach notification requirement

Both define personal data as involving identifiable & identified natural persons

Both consider special protections for sensitive data1

Both include the following rights:

Right to access

Right to correction and or rectification

Right to information 

Right to withdraw consent

Right to data portability2

Right to object and restrict the processing of an individual's data

Right to erasure

Key Differences between the PIPL & the GDPR

Unlike the GDPR and other jurisdictions, the PIPL does not distinguish between business and personal data. Therefore identifiable business contact information that is collected (e.g. contact person’s name) will fall into the parameters of the 

personal information definition under Chinese law.

Unlike the GDPR, the PIPL does not provide “legitimate interests” as a lawful basis to process personal information. See section on Legal Basis for the grounds covered.

PIPL requires additional separate consent for processing activities if a processing entity i) shares personal information with other processing entities; (ii) discloses personal information publicly; (iii) processes sensitive personal information; or (iv) transfers personal information overseas.

Unlike the GDPR, the PIPL lacks precise GDPR language addressing personal information rights, including exemptions or where certain restrictions may apply.

Naming Convention: GDPR’s “Controller” & the PIPL’s “Personal Information Processor” The GDPR’s definition of “controller” is akin to the PIPL’s “Personal Information Processor (PIP)” defined as an individual or organisation that determines the purposes and means of the processing of personal information in relation to personal information processing activities.

References

Sensitive Data is defined similarly between both regulations. However, the PIPL's definition is broader when it comes to defining sensitive data. China's PIPL defines personal information as data which can identify a person, but Article 4 specifically makes an exception for anonymised information. For examples, please visit this article.

PIPL states that this is subject to certain conditions. For more information, please This Overview on the PIPL.


Don't get left behind.
Optimize your website for the world's fastest-growing consumer market. Start today, cancel anytime.
Make your website work in China
Enter in a few details and one of our Chinafy team members will reach out to you shortly with a plan and next steps to 'Go Live' in China.
Which website do you want to Chinafy?
Tell us your name?
What best describes your company role?
What's your Work Email Address?
What would you like to discuss?
Have a discount code?
By clicking 'Get Started', I also agree to Chinafy's Terms of Service & Privacy Policy.
close
Thanks for getting in touch!
One of our China experts will be in touch with you via email within the next 24 hours with

1 - Expected post-Chinafy results
2 - Your Custom Plan
3 - Next steps.

P.S. Make sure to check your promotions inbox in case our message lands there.
Please feel free to check out our case studies or blog in the meantime.
[[embed: get started form inline type]]

Related Stories

Load More
×

Notey will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at community@notey.com. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.