China Data Privacy Regulations
Overview
The PIPL works alongside the Cybersecurity Law (CSL) and Data Security Law (DSL) to form China's robust data governance regime. It enforces strict national security reviews, localized data hosting, and significant cross-border transfer hurdles.
It covers the processing of personal information inside China and applies extraterritorially, similar to GDPR, when targeting Chinese citizens.
Key Rules & Obligations
Breach Notification
Immediately upon discovery of risk or occurrence of a breach.
Maximum Penalties
Up to RMB 50 million or 5% of the preceding year's revenue; potential revocation of business licenses.
Data Transfers
Highly stringent. Requires CAC security assessment, standard contracts, or personal information protection certification depending on data volume.
Individual Rights
- Close to GDPR rights
- Right to withdraw consent
- Right regarding automated decision-making
- Rights of deceased persons
Enforcement Authority
Cyberspace Administration of China (CAC)
Contact: N/A
Notable Breaches in China
| Company | Year | Records Exposed | Regulation Violated |
|---|---|---|---|
| Didi Chuxing | 2022 | Unknown (Penalized for illegal collection) | PIPL / CSL / DSL |
| Shanghai Police App | 2022 | 1,000,000,000 | Unknown |
Official Sources
- CAC Official Press (Verified: 2024-03-01)
Frequently Asked Questions
Is PIPL stricter than GDPR?
In terms of national security, data localization, and cross-border data transfer, PIPL is significantly stricter. It also strongly emphasizes "separate consent" for actions like sharing data abroad.
Can foreign companies transfer data out of China?
Yes, but it requires passing a CAC security assessment or registering standard contracts, a process known to be administratively heavy and rigorous.
What happens if a company violates the PIPL?
Fines can reach 5% of annual revenue, matching GDPR scale, but authorities can also directly suspend business operations or block digital services entirely.
Last updated: March 5, 2026