Citizens’ Data Privacy in China: The State of the Art of the Personal Information Protection Law (PIPL)

The Personal Information Protection Law (PIPL) was launched on 1 November 2021 in China. This article provides a state-of-the-art review of PIPL through a policy analysis. This paper aims to compare the three main worldwide data privacy paradigms that exist at present: (i) the General Data Protection Regulation (GDPR) in the E.U., (ii) the California Consumer Privacy Act (CCPA) in the U.S., and (iii) PIPL in China. The research question is twofold: (i) how will PIPL affect the data privacy of Chinese citizens and consequently, (ii) how will PIPL influence the global digital order, particularly paralleling the existing GDPR and CCPA? In the first section, this article introduces the topic of data privacy as a global concern, followed in the second section by an in-depth policy context analysis of PIPL and a literature review on privacy that elucidates in particular the impact of the Social Credit System (SCS). In the third section, a comparative benchmarking is carried out between the GDPR, CCPA, and PIPL. Methodologically, policy documents around PIPL will be analyzed. In the fourth section, the case study of Shenzhen will be examined by undertaking a multi-stakeholder analysis following the Penta Helix framework. The article concludes by responding to the research questions, acknowledging limitations, and presenting future research avenues.