🇨🇳 Asia-Pacific

Cookie consent in 中国

Consent and privacy law in 中国

In short
中国的《个人信息保护法》(PIPL)自2021年11月起施行,由国家互联网信息办公室(CAC)牵头,内容全面,在某些方面比《通用数据保护条例》(GDPR)更为严格。它要求对特定活动单独取得同意,例如向第三方共享数据、处理敏感个人信息、跨境传输以及公开披露,而不是一次性的捆绑同意。跨境传输面临严格管控,包括安全评估、认证或标准合同途径,并且关键信息基础设施适用数据本地化要求。罚则最高可达5000万元人民币或上一年度营业额的5%,并可能伴随责令停业。告知须使用中文。处理个人信息的Cookie和跟踪技术需要取得同意并提供清晰告知。
Authority
Cyberspace Administration of China (CAC)
Status

Personal Information Protection Law (PIPL) in force since 1 November 2021

Primary law
PIPL
Languages

zh

Who must comply

Organizations that process personal information of individuals in China, including those abroad that handle data to provide products or services to people in China or to analyze their behavior.

Penalties

对于严重违法行为,最高可达5000万元人民币或上一年度营业额的5%

Key obligations

  • Obtain separate consent for sensitive data and cross-border transfers
  • Provide clear notice of purpose, method and scope
  • Honor access, copy, correction, deletion and portability rights
  • Carry out personal information protection impact assessments
  • Meet localization and transfer requirements for large processors

Local guidance

  • 对共享、敏感个人信息和跨境传输分别取得单独同意
  • 采用合规的跨境传输机制
  • 以中文提供告知
  • 针对关键信息基础设施考虑数据本地化要求

How ConsentX helps

  • Explicit opt-in consent capture
  • Separate consent flows for sensitive data and transfers
  • Geo-aware banner for visitors in China
  • Consent receipts and rights workflow
  • Region rule engine tuned for China
Get started free
yoursite.com
🇨🇳 China

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page was machine-translated and may contain errors. Please review the legal details with qualified local counsel before relying on it.

How to comply with China using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under China.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that China requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a China audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

中国《个人信息保护法》下的单独同意是什么?+

《个人信息保护法》要求对某些活动取得独立、具体的同意,例如向第三方共享数据、处理敏感个人信息和跨境传输,而不是用一次捆绑同意涵盖所有事项。

中国如何限制跨境数据传输?+

《个人信息保护法》要求向境外传输须经过安全评估、认证或签订标准合同,并且关键信息基础设施运营者适用数据本地化要求。

Governing law

🇨🇳 PIPL

Other countries in Asia-Pacific

🇮🇳 भारत🇸🇬 Singapore🇹🇭 ประเทศไทย🇯🇵 日本🇰🇷 대한민국🇦🇺 Australia🇳🇿 New Zealand / Aotearoa🇮🇩 Indonesia🇻🇳 Việt Nam🇲🇾 Malaysia🇵🇭 Pilipinas