← Back to all briefings
Data Strategy 6 min read Published Updated Credibility 40/100

China releases draft Personal Information Protection Law

China’s National People’s Congress published the draft Personal Information Protection Law (PIPL) on 21 October 2020, proposing GDPR-style consent rules, cross-border transfer approvals, and steep penalties that would reshape multinational data flows into and out of China.

Kodi C.

Editor & Research Lead

Accuracy-reviewed by the editorial team

Data strategy pillar illustration for Zeph Tech briefings
Data strategy, stewardship, and privacy briefings

On 21 October 2020, China’s National People’s Congress released the first draft of the Personal Information Protection Law (PIPL). The proposal consolidates scattered privacy rules into a single national law with explicit legal bases, extraterritorial reach, and prescriptive cross-border data transfer controls. It complements the Cybersecurity Law and Data Security Law, creating a three-part data governance regime for domestic and foreign companies operating in China.

What to do now

  • Assessment requirement: Evaluate current practices against the updated requirements outlined in this analysis.
  • Documentation update: Review and update relevant policies, procedures, and technical documentation.
  • Stakeholder communication: Brief affected teams on timeline implications and resource requirements.
  • Compliance verification: Schedule internal review to confirm alignment with guidance.

Similar analysis

Additional analysis covering similar themes.

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Data Strategy Operating Model Guide

    Design a data strategy operating model that satisfies the EU Data Act, EU Data Governance Act, U.S. Evidence Act, and Singapore Digital Government policies with measurable…

  • Data Interoperability Engineering Guide

    Engineer interoperable data exchanges that satisfy the EU Data Act, Data Governance Act, European Interoperability Framework, and ISO/IEC 19941 portability requirements.

  • Data Stewardship Operating Model Guide

    Establish accountable data stewardship programmes that meet U.S. Evidence Act mandates, Canada’s Directive on Service and Digital, and OECD data governance principles while…

Coverage intelligence

Published
Coverage pillar
Data Strategy
Source credibility
40/100 — low confidence
Topics
China · Cross-Border Transfers · Consent · Localization · Privacy
Sources cited
3 sources (npc.gov.cn, cac.gov.cn, iso.org)
Reading time
6 min

Further reading

  1. NPC — Draft Personal Information Protection Law (First Draft)
  2. CAC Briefing on PIPL Draft
  3. ISO 8000-2:2022 — Data Quality Management — International Organization for Standardization
  • China
  • Cross-Border Transfers
  • Consent
  • Localization
  • Privacy
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.