China
China
Introduction
Governing Data Protection Legislation 2.1. Overview of principal legislation The CSL came into effect on June 1, 2017, becoming the first national legislation to address data privacy protection in China. The principles and general obligations regarding personal data protection are laid down in the CSL. The DSL came into force on September 1, 2021. The DSL aims to regulate data processing activities (including personal data), guarantee data security, and promote the development and utilization of data. The PIPL went into effect on November 1, 2021, becoming the first national law on personal data protection in the PRC. The PIPL aims to protect the rights and interests of personal data, regulate personal data processing activities, and promote reasonable use of personal data. The PIPL acts as an enhancement and clarification of China’s earlier personal data laws and regulations, not as a replacement.
China’s legal framework for privacy and data protection is comprehensive, built upon a layered system of laws and regulations. At its core are the “Three Fundamental Laws”: the Cybersecurity Law (“CSL”), the Data Security Law (“DSL”), and the Personal Information Protection Law (“PIPL”). The Three Fundamental Laws are further elaborated and supplemented by specialized regulations. Beyond the special legislation on data protection, other laws also contribute to privacy and data protection. Notably, the Civil Code includes provisions consistent with the Three Fundamental Laws,
strengthening the legal foundation. Data protection statutes are also scattered in other specialized regulations, including the Criminal Law, the Consumer Protection Law, the E-commerce Law, and rules regulating technologies such as AI and facial recognition. Contact Us +86 21 3135 8701 www.llinkslaw.com david.pan@llinkslaw.com 19F, ONE LUJIAZUI, 68 Yin Cheng Road Middle, Shanghai 200120 P.R.China
Made with FlippingBook - PDF hosting