China’s Personal Information Protection Law

Daoxin Yin; Xiaojie Li; Ruishuang Liu; Luxia Zhang; Qi-Min Zhan

doi:10.1136/bmj-2022-072619

Editorials

China’s Personal Information Protection Law

BMJ 2022; 379 doi: https://doi.org/10.1136/bmj-2022-072619 (Published 17 October 2022) Cite this as: BMJ 2022;379:e072619

Daoxin Yin, researcher12,
Xiaojie Li, lecturer34,
Ruishuang Liu, associate professor3,
Luxia Zhang, professor125,
Qi-Min Zhan, professor12

¹National Institute of Health Data Science at Peking University, Beijing, China;
²Advanced Institute of Information Technology, Peking University, Hangzhou, China
³Department of Medical Ethics and Law, Peking University Health Science Center, Beijing, China
⁴Department of Situation and Policy, University of International Business and Economics, Beijing, China
⁵Institute for Artificial Intelligence, Peking University, Beijing, China

Correspondence to: L Zhang zhanglx{at}bjmu.edu.cn

Privacy aims must be reconciled with the need for medical research in the public interest

China’s first privacy law, the Personal Information Protection Law, went into effect on 1 November 2021.1 Driven by security and privacy concerns, the law established the legal framework and principles for processing the personal data of people residing within the territory of China. The law shares some of the principles and concepts in the EU’s General Data Protection Regulation (GDPR), although stated in broader terms.

Like GDPR, the Chinese law aims to empower individuals by giving them control over their data. Personal data are defined as “information related to an identified or identifiable natural person recorded electronically or by other means, but do not include anonymised information.”1 Health data, classified as sensitive, must be processed through a rigorously regulated pathway, with clear justification for the proposed use and unambiguous consent. Importantly, while the new law does not cover fully anonymised data, it does apply to data that have been “de-identified” since such data can be reattributed to a particular person through other sources of information.

Unlike GDPR, the Chinese law provides …

View Full Text

See other articles in issue 8358

Article tools

PDF 0 responses

Respond to this article
Print
Alerts & updates
Article alerts
Please note: your email address is provided to the journal, which may use this information for marketing purposes.

Log in or register:

Username *

Password *

Register for alerts

If you have registered for alerts, you should use your registered email address as your username
Citation tools
Download this article to citation manager

Daoxin Yin researcher, Xiaojie Li lecturer, Ruishuang Liu associate professor, Luxia Zhang professor, Qi-Min Zhan professor

Yin D, Li X, Liu R, Zhang L, Zhan Q. China’s Personal Information Protection Law BMJ 2022; 379 :e072619 doi:10.1136/bmj-2022-072619

BibTeX (win & mac)Download

EndNote (tagged)Download

EndNote 8 (xml)Download

RefWorks Tagged (win & mac)Download

RIS (win only)Download

MedlarsDownload

Help

If you are unable to import citations, please contact technical support for your product directly (links go to external sites):

EndNote

ProCite

Reference Manager

RefWorks

Zotero
Request permissions

China’s Personal Information Protection Law

Log in through your institution

Article alerts

Log in or register:

Download this article to citation manager

Help

Forward this page

Content links

About us

Resources

Explore BMJ

My account

Information

Search form

China’s Personal Information Protection Law

Log in

Log in using your username and password

Log in through your institution

Subscribe from £173 *

Article alerts

Log in or register:

Download this article to citation manager

Help

Forward this page

Content links

About us

Resources

Explore BMJ

My account

Information