Personal Information Protection Law of the People's Republic of China (PIPL)
Personal Information Protection Law of the People's Republic of China (PIPL)
What is it?
China's PIPL became law in November of 2021. Like the GDPR, the PIPL is designed to help Chinese citizens control what happens to their personal and sensitive information. It gives citizens more power to decide how much data companies can access, and who those companies share that information with.
To view the law yourself, you can find a translated version of the PIPL over at the DigiChina Project from Stanford University.
Does Meetingmax Comply?
Yes. Our GDPR practices also make us compliant with PIPL based on the following reasons:
- MMX has a lawful basis for processing personal data
- Individual consents (via checkbox*)
- Contract can’t be performed without the data
- MMX uses checkboxes to secure PIPL compliant consent
- MMX does not process any sensitive data so there is no requirement for additional consent. If we ever do collect sensitive data (defined below) then we need to secure consent from the attendee a second time. Sensitive data is defined as:
- Racial
- Political
- Sexual
- Health Data
- Financial account information
- Biometrics characteristics
- “any information which may cause material harm to an individual if it's leaked or illegally used”
- Under the PIPL, citizens have the right to:
- Know your data policies (MMX privacy policy & TOS listed on FER)
- Withdraw consent to data processing (attendee can opt not to make a reservation)
- Non-discrimination if they withdraw consent
- Make decisions regarding their data
- Request copies of their data (yes, through our privacy policy)
- Refuse automated profiling
- Amend their data
- Delete their data
- PIPL Obligations:
- Provide a Privacy Policy
- Get consent to sensitive data processing (N/A - see above)
- Help people exercise their privacy rights
- Comply with any relevant authorities
- Complete regular compliance audits
- Protect data and train staff in cybersecurity
Resources: