The GDPR on steroids
China has entered the 21st century privacy race with the Personal Information Protection Law (PIPL), which is essentially the EU’s GDPR on steroids.
Strong on notification and consent, the PIPL requires data handlers to carefully understand their data processing flows, systems, and vendors and to tell individual users, employees, etc. all about them and then get consent for handling their data.
The PIPL also has an open-ended list of “sensitive” data such as medical information, religion, financial, and other data including ALL data for children under 14 years old. This will likely have a major impact on how games and systems that target kids will have to handle their data, as sensitive data requires special risk analyses and explicit consent from parents.
As part of growing data localization trend, the PIPL has very strict requirements on sending data offshore, including separate user consent, local representation, risk analyses, government approvals, and more.
Stay tuned for more on China’s PIPL, including at our site and newsletter.