After three revisions, China’s Personal Information Protection Law (PIPL), which has received much attention abroad, will come into force on November 1, 2021. It comprehensively protects personal data, going beyond the European General Data Protection Regulation (GDPR) – a milestone in Chinese legal history.
Take Big Data price discrimination, for example: it refers to the behavior of personal data processors who analyze consumers’ personal data to build a profile. They use algorithms to accurately assess and predict each consumer’s willingness to pay, and set different prices for identical goods or services for different consumers.
The PIPL now clarifies that data processors using personal data for automated decision making must be transparent about their decision making and ensure fair outcomes. They must not treat individuals unreasonably differently with respect to transaction prices and other transaction terms.
App example: to address the misuse of personal data by an app, the PIPL has strengthened the specific provisions for protecting personal data in an app. The law imposes strict legal liability for personal data breaches. Controllers can face greatly increased fines or can be forced to suspend service. In extreme cases, apps that process personal data in violation of the law can be removed from the market altogether by the authorities.
For all companies operating in China, the key now is to understand the requirements of the Personal Information Protection Law in detail in order to be able to take and substantiate appropriate measures.