Sign up to save your podcasts
Or
Share Carol Sun | China's updated privacy framework: What should you be thinking about?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Carol Sun | China's updated privacy framework: What should you be thinking about?
China is poised to significantly update its current data-protection framework with a key new law: the PRC Personal Information Protection Law ("PIPL"). These new regulations will undoubtedly impact multinationals operating in the PRC. Carol Sun, from Yuanda, explains what you should start thinking about now.
Related article: Cross-Border Data Transfers Under the New PRC Data Protection Regime
More on Carol Sun.
SPEAKERS
Carol Sun (Yuanda), Wayne Stacy
Wayne Stacy 00:00
Welcome, everyone. This is Wayne Stacey, the executive director of the Berkeley Center for Law and Technology. Today we have with us Carol Sun from the law firm of Yuanda. They are a Chinese law firm that is in the strategic alliance with Winston strong here in the United States. And Carol Sun is an expert in the new laws that are coming online set in early September in, in PRC related to privacy and data regulation. So Carol, thank you for joining us today.
Carol Sun 00:39
Thank you so much Wayne, It's my pleasure.
Wayne Stacy 00:43
Well, Carol, what I wanted to do was just go through and give the audience a background and an understanding of what's happening. Because it's a it's a new subject for a lot of people. So in particular, there's a new law coming online in September, referred to as the Personal Information Protection Law. Can you tell us what it is and how it is similar or different from other privacy laws like GDPR?
Carol Sun 01:12
Sure, I can not sure whether this P IPO we did the full name of the law is the PRC Personal Information Protection Law will come into force September or later, but other people anticipate this law will come by the end of this year. So this personal information protection law is from some Chinese people's view is a Chinese person GDPR. So if we talk about the GDPR, people understand that it is almost the stringent law to protect the personal information, and also the privacy. I think this Chinese version PRPO borrowed a lot of concepts, and also the rise of the personal information subjects from GDPR. For example, this law grabbed a lot of rights, for example, the rise of a deletion, the rise of the revision, and also asked for the subject to always have the rights to say no to withdraw their rights without their consent for the data processing. And also this Chinese law also borrows some data cross border transfer mechanism. For example, this law also have some mechanism like the standard contract clauses. That is, from our view that there will be one of the main mechanisms for the company's transferred some personal information from China to the overseas. Also for the penalty perspective, I think based on my understanding, it is one of the few laws have a very high mandatory penalties. This personal information protection law also have the similar concept compared with GDPR. For example, the Harris the mandatory penalty is a 50 million RMB or the 5% of last year's global turnover. So this is quite high if the company has some violation to the law. But it's not the situation that any violation to law will trigger this kind of a high mandatory penalty, but some also other penalties like the administration level and also some, even the criminal level depends on the severity of the violation. So I think that is this P IPO has a very similar concept with GDPR and also constitute another side in the whole data protection legal framework in China.
Wayne Stacy 04:02
How will the PRC go
View all episodes
By Kelly TorresChina is poised to significantly update its current data-protection framework with a key new law: the PRC Personal Information Protection Law ("PIPL"). These new regulations will undoubtedly impact multinationals operating in the PRC. Carol Sun, from Yuanda, explains what you should start thinking about now.
Related article: Cross-Border Data Transfers Under the New PRC Data Protection Regime
More on Carol Sun.
SPEAKERS
Carol Sun (Yuanda), Wayne Stacy
Wayne Stacy 00:00
Welcome, everyone. This is Wayne Stacey, the executive director of the Berkeley Center for Law and Technology. Today we have with us Carol Sun from the law firm of Yuanda. They are a Chinese law firm that is in the strategic alliance with Winston strong here in the United States. And Carol Sun is an expert in the new laws that are coming online set in early September in, in PRC related to privacy and data regulation. So Carol, thank you for joining us today.
Carol Sun 00:39
Thank you so much Wayne, It's my pleasure.
Wayne Stacy 00:43
Well, Carol, what I wanted to do was just go through and give the audience a background and an understanding of what's happening. Because it's a it's a new subject for a lot of people. So in particular, there's a new law coming online in September, referred to as the Personal Information Protection Law. Can you tell us what it is and how it is similar or different from other privacy laws like GDPR?
Carol Sun 01:12
Sure, I can not sure whether this P IPO we did the full name of the law is the PRC Personal Information Protection Law will come into force September or later, but other people anticipate this law will come by the end of this year. So this personal information protection law is from some Chinese people's view is a Chinese person GDPR. So if we talk about the GDPR, people understand that it is almost the stringent law to protect the personal information, and also the privacy. I think this Chinese version PRPO borrowed a lot of concepts, and also the rise of the personal information subjects from GDPR. For example, this law grabbed a lot of rights, for example, the rise of a deletion, the rise of the revision, and also asked for the subject to always have the rights to say no to withdraw their rights without their consent for the data processing. And also this Chinese law also borrows some data cross border transfer mechanism. For example, this law also have some mechanism like the standard contract clauses. That is, from our view that there will be one of the main mechanisms for the company's transferred some personal information from China to the overseas. Also for the penalty perspective, I think based on my understanding, it is one of the few laws have a very high mandatory penalties. This personal information protection law also have the similar concept compared with GDPR. For example, the Harris the mandatory penalty is a 50 million RMB or the 5% of last year's global turnover. So this is quite high if the company has some violation to the law. But it's not the situation that any violation to law will trigger this kind of a high mandatory penalty, but some also other penalties like the administration level and also some, even the criminal level depends on the severity of the violation. So I think that is this P IPO has a very similar concept with GDPR and also constitute another side in the whole data protection legal framework in China.
Wayne Stacy 04:02
How will the PRC go