This week, the final building block of China’s high-level data governance framework, the Personal Information Protection Law (PIPL), went into effect. This follows the implementation of the Data Security Law and Critical Information Infrastructure Security Protection regulations in September and the release of guidelines on data classification and cross-border data transfers in October. This latest development is an opportunity to examine three critical questions around China’s emerging data governance regime: what about data is China most concerned about? What is China doing about it? And what are the implications for foreign firms in China?
