What China’s Personal Information Protection Law means for marketers

The news: On Friday, the Chinese government passed the Personal Information Protection Law (PIPL), a data privacy law aimed at protecting consumers’ data from private companies, per Reuters. PIPL will take effect on November 1, 2021.

  • The law bears many similarities to the EU’s General Data Protection Regulation (GDPR), namely that companies must limit their data collection and obtain consent for the data they do still collect.
  • But unlike the GDPR, it only protects consumers’ data from the private sector—the government will still have full access, a provision that’s been criticized by privacy advocates worldwide.

What it means for Big Tech: The new laws could help data-sharing relationships between private-sector international players run more smoothly, both for worldwide companies operating in China and for Chinese companies operating globally.

  • For example, in March, several big Chinese tech companies like Tencent and TikTok owner ByteDance were found to be developing a mobile identifier called the CAID.
  • While the CAID was up to Chinese data privacy standards, it directly contradicted Apple’s privacy update, which limited advertiser use of its Identifier for Advertisers (IDFA).
  • That put Apple in a tight spot: either cave to CAID and give advertisers in China an unfair advantage over those in other markets or cut out China altogether.
  • But with the PIPL now bringing China’s privacy laws up to speed with international standards, there’s likely to be more alignment in the private sector about what data is OK to collect and use.

What it means for marketers: More alignment also means clearer guidelines for marketers and advertisers operating internationally.

  • Some marketers are still struggling to comply with standards that differ from country to country, or even state to state in the US.
  • Though adapting to the PIPL will certainly be tough at first, the more major governments that agree on updated privacy guidelines, the easier it will be on marketers in the long run.
  • “Companies have had at least a couple years to prepare for this, so it shouldn't come as a surprise,” said Man-Chung Cheung, eMarketer senior researcher at Insider Intelligence.

What it means for consumers: A GDPR-like privacy protection has also been long-awaited by China’s consumers.

  • Among all countries measured in an October 2021 survey by Cisco, consumers in China felt most positive toward privacy laws: Of those who were aware of the country’s 2017 Cybersecurity Law, the vast majority (80%) felt it had a positive impact.

The bottom line: Though the government-related provisions are certainly a hitch, the PIPL does provide consumers in China with EU-level data protections in the private sector and should also help Chinese companies better collaborate with international companies on privacy-related matters.

"Behind the Numbers" Podcast