FIA and GFMA wrote in support of a draft law in China to establish reasonable and proportionate mechanisms to safeguard personal information. Personal information is pivotal to the business of our members, and concomitant protections on the collection and processing of such information are essential to the integrity of financial markets and customer, and business confidence more broadly.
At the same time, the draft law casts a broad net. In certain instances, the new law is difficult to interpret in practice and could be open to interpretation where possibly unintended. Its interaction with existing legal and regulatory requirements and expectations – in particularly the Cybersecurity Law and the Data Security Law (draft) – is also unclear. The draft law will inevitability impact the business operations of financial institutions in many ways. However, the PIPL as currently drafted is broadly worded, has extraterritorial application and lacks specific guidance in key areas of concern. These give rise to uncertainties to participants in financial institutions.
