This piece of legislation has profound implications for any type of business, particularly where a large amount of information (including personal information) and cross-border transfer of data many be involved. The e-commerce sector will be as such one of the business sectors that will be most affected by the PIPL.
Similar to the European General Data Protection Regulation (GDPR), the PIPL imposes restrictions on how personal data should be handled, and its extraterritorial effects extend to anyone providing goods and services to people in China or anyone analyzing the activities of people within China. But the PIPL also solidifies China’s unique perspective towards separate consent requirements, data localization and cross-data border transfers.
Companies engaging in online retail business in China (including online sellers and e-commerce platform operators) need to grapple with the implementation of the PIPL and should:
- Have a clear understanding of the type of information necessary for online shopping; adopt a transparent privacy policy stipulating a clear and reasonable purpose for the collection of consumers data.
- Have an appropriate consent mechanism embedded in websites/mobile applications (e.g. set up popup windows to obtain separate consent).
- Comply with the stringent requirements for data exportation before transferring customer data to overseas affiliates.
- Implement appropriate data protection and cybersecurity clauses in the agreements with service providers; disclose sufficient information of third party service providers in their privacy policies (e.g. information of the SDK service provider deployed on websites or mobile applications).
- Establish an internal data protection compliance policy.
The PIPL is mostly drafted in general terms, and will have to be supplemented by detailed implementing rules. At present, it is therefore hard to assess how to fully achieve compliance with the new regime, in the absence of detailed implementing legislation and guidance from the Chinese authorities. It will be essential to watch out for any new developments in this area and seek proper guidance on the interpretation of these new rules.
Authored by Sherry Gong, Tong Zhu, Flora Feng.