As of November 1, 2021 the Personal Information Protection Law (PIPL) entered into force in China. This law has an extraterritorial reach similar to the EU's General Data Protection Regulation and is therefore applicable to companies providing services or selling products in China, eventhough they are processing personal data abroad. The PIPL applies to personal information as soon as a person is identifiable and the collection as well as the storage already suffice to fall under its scope. Entities exporting personal data must inform and obtain the approval of the concerned person and overseas entities recipient of the data must satisfy certain personal information protection standards. A non-compliance with the PIPL can result to monetary sanctions and the company being placed on a governmental blacklist.
Foreign companies with activities in China, with or without physical presence in the country should therefore ensure that their activities are conform to the new law.