On August 20, 2021, the Standing Committee of China’s National People’s Congress passed the Personal Information Protection Law, which will take effect on November 1, 2021.
The law sets forth a regulatory framework which will clarify the concepts of personal Information, sensitive personal information, personal information processing entities, automated decision making, de-identification and anonymized information.
The Personal Information Protection Law establishes the protection of personal information in terms of scope of application, basic principles of personal information processing, cross-border data transfer and obligations of the entities involved in processing activities.
Concerning the scope of application, the law applies to the activities of handling the personal information of natural persons within the borders of the People’s Republic of China, where such processing is undertaken outside the territory of China under circumstances related to the provision of products or services and for the analysis of assessing the behavior of natural persons located within China. The information generated in digital marketing operations involving domestic individuals shall be stored on domestic servers in accordance with the principle of localization. If it is necessary to process such information abroad, foreign companies are bound to establish a dedicated entity or appoint an agent or designated representative in China to be responsible for dealing in related matters which will be reported to the relevant government departments (cross-border data transfer).
The law also defines the basic principles for handling personal Information, a process which must observe the principle of legality, propriety, necessity, and sincerity and shall be limited to the smallest scope for realizing the handling purpose.
The PIPL stipulates specific obligations for special processing activities, including joint processing and entrusted processing. As for joint processing, the law imposes joint and several liability on joint processors if the activities or two or more processing entities infringe upon personal information rights and interests and result in damages. While, in the case of entrusted processing, the Personal Information Protection Law establishes that the processor must supervise the activities of the third party entrusted to process personal information, while the third party is required to undertake necessary measures to protect personal information in accordance with the PIPL and to assist the processor to comply with the law.
original source of the article: https://dlab.uniclick.com/interpretation-and-guidance-of-the-personal-information-protection-law/
Which came first? Media or Creative?
Google Mapped the intersection of "Strategy and Creative". Couldn't find it.
Spot Plans are like Quantum Dots. They're always in a state of flux