Last month, the Chinese government passed the Personal Information Protection Law (PIPL), which comes into effect from November 1 2021. While, at first glance, it may seem a bit irrelevant to the UK property sector, just like the GDPR legislation in the UK and EU, the PIPL has extra-territoriality provisions.
The new law had become stalled, in a similar way to the planned new data protection law in India, but was revived in the early part of the summer.
David Smith, partner at JMW Solicitors, said: “It may seem a bit irrelevant to the UK what is happening to personal data in China. However, just like the GDPR in the UK and EU the PIPL has extra-territoriality provisions. In other words, if you are dealing with the data of Chinese residents you must comply with the PIPL, even if you are not based in China.”
He added: “This mirrors the equivalent provisions in the GDPR which state that anyone dealing with EU or UK residents’ data must comply with the GDPR even if they are established in another country.”
Smith argues that this type of provision is becoming more common and has been replicated elsewhere. California, for example, has a similar provision, and Smith says that in a globally connected world it makes little sense to enact a data protection regime that companies can avoid by trading from outside the country.
“More importantly, China has also replicated another important provision from the GDPR, that of data protection representatives,” Smith went on.
“So, if you deal with the data of Chinese residents then if you are not established in China, you must appoint a data protection representative who is. Again, this is the equivalent of similar provisions in the GDPR which require foreign-established firms to have data protection representatives in the UK or EU.”
So, why does this matter to the UK property sector? “Well, because a great many new build developments have units sold to individual investors in China. So, there are developers and estate and lettings agents who specifically cater to and target the Chinese market. Most of them are not formally established in China and use local agents to attract investors. However, that will have to change.”
He added: “An agent who is dealing with Chinese residents as part of their business will need to be established in China or have an appropriate data protection representative who is. Failure to comply can lead to fines being levied in China or blocking of the right to trade which would also mean blocking of that agency’s web presence in China via the national firewall.”
Smith said PIPL is also a powerful example of the increasing international growth and reach in data protection and the need to be sure about the regime that applies in relation to each market you are seeking to operate in. “From November that will also include China,” he concluded.