Last week the People’s Republic of China passed the Personal Information Protection Law (PIPL). It comes into effect from 1 November 2021. This had become stalled, rather like the planned new data protection law in India, but was brought back to life in the early part of the summer.

It may seem a bit irrelevant to the UK what is happening to personal data in China. However, just like the GDPR in the UK and EU the PIPL has extra-territoriality provisions. In other words, if you are dealing with the data of Chinese residents you must comply with the PIPL, even if you are not based in China. This mirrors the equivalent provisions in the GDPR which state that anyone dealing with EU or UK residents’ data must comply with the GDPR even if they are established in another country. This move is becoming more common and has been replicated elsewhere, California has a similar provision as well for example. However, China has also replicated another important provision from the UK and EU GDPR, that of data protection representatives. So, if you deal with the data of Chinese residents then if you are not established in China you must appoint a data protection representative who is. Again, this is the equivalent of similar provisions in the GDPR which require foreign-established firms to have data protection representatives in the UK or EU.

So why does this matter to the UK property sector. Well, because a great many new build developments have units sold to individual investors in China. So there are developers and estate and lettings agents who specifically cater to and target the Chinese market. Most of them are not formally established in China and use local agents to attract investors. However, that will have to change. An agent who is dealing with Chinese residents as part of their business will need to be established in China or have an appropriate data protection representative who is. Failure to comply can lead to fines being levied in China or blocking of the right to trade which would also mean blocking of that agencies web presence in China via the national firewall.

PIPL is also a great example of the increasing international growth and reach in data protection and the need to be sure about the regime that applies in relation to each market you are seeking to operate in. From November that will also include China.