China’s new privacy law, which takes effect in November, will have far-reaching implications for how companies that do business in the country handle cross-border data, possibly helping Beijing establish global standards for data management, according to legal experts.
Under China’s Personal Information Protection Law (PIPL), previously standard business operations such as sending mainland Chinese client data to regional head offices in Hong Kong or Singapore could be subject to strict protocols and regulatory reviews. Through multiple laws and regulations passed in recent years, Beijing is setting up a data regime that, in some cases, could be mutually incompatible with laws in the US and Europe, throwing multinationals into a hazardously fragmented legal landscape.