Last week, the EPC joined a cross-industry letter presenting our concerns over provisions laid out in the draft Chinese Personal Information Protection Law (PIPL).
Addressed to the Chinese National People's Congress, the letter outlines particular concerns on data localisation requirements, including:
the requirement of critical information infrastructure operators and personal information processors transferring "personal information reaching quantities provided by the State Cybersecurity and Information Department" to be stored in China, Article 40 in the draft PIPL,
limitations on the cross-border transfers of personal data in form of data localisation or other highly restrictive requirements, which do not advance data protection goals, and
implementation of security measures by companies that are responsible data managers may also be negatively impacted by data localisation.
Meanwhile, the EPC and the other signatories welcome the suggestions on protection of personal information for cross-border data transfers.
To read the letter in entirety, see below.