Updates on Personal Information Protection You Should Know!

08 October 2022

The China-Italy Chamber of Commerce (CICC) together with its Intellectual Property Working Group (IPWG) addressed key issues of the Personal Information Protection Law (PIPL) in a 45 Minutes conversation with three of our IP Experts.

The event “Interview with IP Experts: Regulatory Updates on PIPL" was held on September 29th.

Our guest speakers addressed questions on new developments in security assessment and standard contracts, best practices of the new rules, and potential conflicts between PIPL and GDPR (General Data Protection Regulation). 

Our first expert Joe Liu, Partner at Watson & Band Law Offices, provided insight on security assessment and standard contracts.

Q1: Are there many levels of security assessment that are possible to provide for a company, and what are the differences among the different levels?             
 "The content of the security assessment is regulated in Security Assessment Measure very clearly. According to the Measure, there is no different level of security assessment that applies to different companies. However, based on a different scope, scale, purpose etc. of information cross-border provision, the content of the documents submitted by the processors may differ case by case."

Our second expert Charles (Chao) Feng, Senior Partner and Attorney-at-Law at Tahota, analyzed the general principles of the best practice for processing Personal information (“PI”).

Q2: What are the critical points of PIPL compliance?
"There are 5 critical points companies should pay attention to: Internal regulation, Classification of PI, Measures including De-identification and Encryption, Operational scope and conduct training and Emergency measures."

Our third expert Bruce Chen, Director of Legal Department and Lawyer at PKF, focused on PIPL vs GDPR and discussed solutions for companies.

Q3: What would be a possible solution to comply with PRC PIPL and lower down the compliance costs for Italian companies?
"My suggestion to Italian Companies is first trying not to be the data processor; either choose to outsource data processing to third parties or shift the legal responsibilities to Chinese business partners, including JV partner, vendor, and supplier partners. Switch forwardly collection mode to passively receiving mode and try to anonymize the PI to be processed as anonymized PI would not be deemed as PI under PIPL."

The experts were interviewed by our IPWG Coordinator, Mr Carlo Geremia. 

 

 

Copyright ©2016 by China-Italy Chamber of Commerce
Website Maintenance China | flow.asia
京ICP备06006969号-1

Join the Chamber as New Member

Be part of a network of over 500 Italian and Foreign companies in China and abroad. Gain greater exposure through sponsorships, collaboration opportunities and advertising on the CICC's website.

Learn More