On October 21, 2020, the website of the National People's Congress (www.npc.gov.cn) published the full text of the Personal Information Protection Law of the People 's Republic of China (Draft) (hereinafter referred to as “draft PIPL") and solicited public opinions.
As the first special law on personal information protection in China, the draft Personal Information Protection Law will have significant impact on the activities of organizations and individuals dealing with personal information. The draft PIPL focuses on "personal information processing activities", clarifies the scope of application, the definition of personal information and sensitive personal information, the legal basis of personal information processing and the basic requirements of notice and consent. It also clarifies the obligations of the personal information processor and proposes requirements for the handling of personal information by state agencies.
From the perspective of compliance of general business organizations, this article would like to summarize the key points of personal information protection proposed in the draft Personal Information Protection Law and explore the effective path for enterprises to implement personal information protection activities so as to turn challenges into opportunities in the digital era.