GDPR, PDPO and PIPL – A comparison
Data protection legislation around the world exhibits a remarkable diversity in terms of scope, principles, and enforcement mechanisms. The most notable distinction is between the comprehensive, rights-driven approach adopted by some countries and the more sector-specific and flexible frameworks employed by others.
The EU Data Protection Regulation ("EU GDPR") heralded a step change in data protection law throughout the region. The GDPR continues to apply in the UK following Brexit as the "UK GDPR", supplemented by the Data Protection Act 2018 ("DPA"). The EU/UK GDPR have traditionally been seen as setting the "gold standard" for data protection law internationally, with robust individual privacy rights, strict consent requirements, and substantial penalties for non-compliance.
The Personal Data (Privacy) Ordinance ("PDPO") in Hong Kong and the Personal Information Protection Law ("PIPL") in the Republic of China are both comprehensive data protection regimes, with certain concepts that are aligned with those of the EU/UK GDPR. Despite a number of similarities across the three regimes, there are also notable differences, which are explored further below.