PIPL vs. LGPD: China and Brazil’s personal information and data protection laws
New material from Mattos Filho addresses similarities and differences between Brazil and China’s data privacy laws
On August 20, 2021, the People’s Republic of China approved the Personal Information Protection Law (PIPL), marking the country’s first attempt to regulate information collection, storage, transfer, and overall information processing. As China previously lacked comprehensive legislation regarding personal information and data protection, the new law is set to significantly impact all companies and institutions operating within its national borders.
Inspired by the European Union’s General Data Protection Regulation (GDPR), the PIPL provides for restrictions on collecting, transferring, and processing personal data, which companies both inside and outside China will need to address. With the PIPL expected to take effect on November 1, 2021, companies face a fairly short timeframe to adapt to the new rules.
First taking effect a little over one year ago, Brazil’s General Data Protection Law (LGPD) also imposes several restrictions on processing personal data, both in regard to subjects located in Brazil and to data processed within the country’s borders. As such, to continue processing the data of subjects in Brazil and China, companies conducting business in these locations will have to ensure they comply with both pieces of legislation.
To assist with this issue, Mattos Filho has developed new material covering the main similarities and differences between the PIPL and the LGPD, clarifying what each law sets forth regarding personal data protection.
This material has been prepared by Mattos Filho, Veiga Filho, Marrey Jr e Quiroga Advogados for informational purposes only, and is not intended nor should it be construed as legal advice. Mattos Filho, Veiga Filho, Marrey Jr e Quiroga Advogados’ attorneys are only licensed to practice law in Brazil.