On August 20, 2021, the long-awaited Personal Information Protection Law (PIPL) was approved by the Standing Committee of the National People's Congress after its third official reading, becoming the first general law dedicated exclusively to personal information in the People's Republic of China. The PIPL came into force on November 1, 2021 and has a vacatio legis (period that allows it to become widely known before taking legal effect) of less than three months, giving organizations very little time to comply with it.

The Chinese legal landscape dedicated to data protection and privacy is complex. This is because, as with Brazilian law on the matter, the PIPL must be understood and interpreted as part of a system, and not as an isolated law. It is only the most recent piece of legislation in a set of laws and regulations established by the Chinese government to contribute to the security of its people. Therefore, when dealing with personal information in China, it must be ensured that other legislation, which can be applied in almost any scenario, such as the Civil Code and the Constitution, is also followed.

Since the rise of new technologies, relationships and connections between people and between people and things have changed significantly and given rise to a hyper-complexity of contemporary social conflicts [1]. These conflicts, in turn, have triggered new and complex legal repercussions, such as those involving the treatment and transfer of personal data and information to a high level. Faced with this digital era, the position adopted by the Chinese legislator could not be any different: as a hyperconnected society develops with a huge flow of information, the law evolves precisely to embrace these innovations.

The PIPL assumes a very important legal role, since the intention of the Chinese Congress, with its wording, was to make all questions about personal information more general. For this reason, since the law took effect, China has become one of the countries with the strictest regulations on personal information protection.

In sum, the law has many similarities with data protection laws in other countries, such as the Brazilian General Data Protection Law (LGPD) and the European General Data Protection Regulation (GDPR). In this sense, for example, it is possible to note the existence of a closer dialog between the guiding principles, the treatment activities and the concern for the genuine interests of individuals. On the other hand, while the Brazilian and European legislations address privacy as something central to their texts, the PIPL does not deal directly with it, since, for Chinese legislation, privacy (隐私) has a separate concept [2].

The PIPL also differs from foreign laws in terms of its singularities regarding national security, especially in relation to the location and international transfer of personal data [3]. This strictness regarding cross-border data transfers is evident, since the legislator's decision was to allow treatment operators working in the country to transfer personal data internationally in certain circumstances only if they pass a security assessment by a government department, which is the Cyberspace Administration of China (CAC).

Objectively, the core of the Chinese regulations here is not only the protection of individuals and society, but also national security and interests in the case of damages resulting from the inappropriate treatment of information by big companies, either in the country or anywhere in the world.

China is, above all, the world's largest internet user since 2008 [4] and a leader in several segments that engage with new market technologies, such as the development of the Internet of Things (IoT) and electronic commerce. However, social isolation and other factors resulting from the pandemic have revealed and catalyzed an unprecedented flow of information [5]. In addition, connection through digital communication platforms - whether social networks, shopping sites or blogs - has become almost integral across the planet and, of course, it has been no different in China.

This digital and virtual side, which was established, set and finally polished during the pandemic, then became a decisive factor in Chinese society for the configuration of a solid communicational symbolic space, known as cyberspace. This cyberspace, according to Pierre Lévy, is "the communication space opened up by the worldwide interconnection of computers and computer memories" [6]. The great characteristic of this place is the non-stop flow of communication generated by the increasing inflow and outflow of information that occurs daily through various portals on the Internet network.

The PIPL, thus, emerges not only opportune but also strategic, addressing the need for proper regulation in the current data surge in the Chinese cyberspace. The law responds to numerous damages caused by security incidents, such as mass abuse of personal information and unauthorized access leading to data destruction, loss, alteration, or leakage.

Beyond the recent law, other key elements in China's political-legal model include the 1982 Constitution, marking a pivotal step in building a genuine Chinese legal system. Considering China's increasing global economic significance and leadership role, several significant legal milestones occurred, including WTO accession in 2001, the Cyber Security Law (CSL) in 2017, the launch of the Personal Information Security Specification (PISS) pilot in 2020, and the adoption of the Civil Code in 2021, featuring a dedicated chapter on personal information protection. The PIPL, in essence, solidifies potent regulatory norms on personal information flow.

These actions represent new strategies taken by the Chinese government to fill a legal gap, effectively develop the country's legal system, align with global discussions, and protect citizens' rights amid big tech dominance in data processing. As China becomes data-driven and hyperconnected, its legislation adapts to address societal concerns.

Chinese technological progress now relies on the law as a valuable ally, protecting data subjects, providing guidance, and sanctioning non-compliance with information security and communication regulations. The law becomes the Communist Party of China's most significant tool in the era of Industry 4.0.

The Party strengthens its position using legislation for regulatory pressure on national and international actors, safeguarding China's public stability, and striving for "common prosperity". This approach ensures that the handling of vast Chinese information, stemming from hyperconnectivity, remains non-abusive. Major corporations, acting as information operators, should not exploit this wealth without complying with the legal control parameters set by the country.

References

[1] "Complexity affects not only the structure of society and economic activities [...], but also citizens in their various daily activities." It goes on to say: "This state of affairs has generated some important consequences, with a) the frightening increase in conflicts of interest, many of which have a collective configuration due to the fact that they affect, at the same time, the sphere of interests of a large number of people, b) the impossibility of being aware of the existence of a right, especially on the part of the humblest layer of the population, and c) the impossibility of critically evaluating the country's legal system, which is only feasible through permanent research carried out by specialists from various fields and aimed at gauging the adequacy between the legal order and the socio-economic reality for which it is intended." WATANABE, Kazuo. Acesso à justiça e sociedade moderna. In: Participação e processo. São Paulo: Revista dos Tribunais, 1988. p. 132.

[2] LEE, Alexa; SHI, Mingli; CHEN, Quiheng; P. HORSLEY, Jamie; SCHAEFER, Kendra; CREEMERS, Rogier; WEBSTER, Graham. Seven Major Changes in China’s Finalized Personal Information Protection Law. DigiChina, 2021. Available at: https://digichina.stanford.edu/.

[3] The legislator chose to dedicate a chapter of its own to the subject, Chapter III, entitled Rules on the Cross-Border Provision of Personal Information. Chapter IV also deals with agents who process Chinese data outside China's borders. See: “Article 53: Personal information handlers outside the borders of the People’s Republic of China, as provided in Article 3, Paragraph 2, of this Law, shall establish a dedicated entity or appoint a representative within the borders of the People’s Republic of China to be responsible for matters related to the personal information they handle, and are to report the name of the relevant entity or the personal name of the representative and contact method, etc., to the departments fulfilling personal information protection duties and responsibilities.” DigiChina, 2021. Available at:https://digichina.stanford.edu/.

[4] REUTERS. China becomes world's largest Internet population. Reuters, 2008. Available at: https://www.reuters.com/article/us-china-internet-idUSPEK34240620080424.

[5] International Internet traffic rose by 48% from 2019 to 2020, and international phone call minutes increased by 20% in March compared to the same month last year. International e-commerce sales of products soared by 53% in the second quarter of 2020. Data and domestic calls have also grown significantly during the pandemic. Research report "COVID-19 Cross-border Ecommerce Trading Implications". Globe-e, 2021. Available at: https://www.global-e.com/en/resource/covid-19-cross-border-ecommerce-trading-implications/.

[6] LÉVY, Pierre. Cibercultura. Tradução de Carlos Irineu da Costa. 1ª ed. São Paulo: Editora 34, 1999. p. 92. Apud BARRETO, Ricardo de Macedo Menna. Ciberespaço, Globalização e Novas Tecnologias: (Re)Pensando as Relações entre Cidadania e Administração Pública em um Contexto de Formação da Ciberdemocracia. Revista de Estudos Jurídicos, ano 15, n. 22, 2011.

[7] BIAZI, João Pedro de Oliveira de (Org.); QIAN, Larissa Chen Yi (Trad.). Código Civil Chinês. 1ª ed. São Paulo: Edulex, 2021. p. 24.

[8] HU, Yiming “Ben”. China’s Personal Information Protection Law and Its Global Impact. The Diplomat, 2021. Available at: https://thediplomat.com/2021/08/chinas-personal-information-protection-law-and-its-global-impact/.

[9] HSU, Sara. China’s Regulatory Clampdown on Big Tech. Institute of China-America Studies, 2021. Available at: https://chinaus-icas.org/.

The opinions expressed in this article do not reflect the institutional position of Observa China 观中国 and are the sole responsibility of the author.