Lionbridge understands the importance of data protection under any circumstance. Our privacy and security programs ensure that any data received from our customers is protected and all regional compliance requirements are met. China’s Personal Information Protection Law (PIPL), China’s first comprehensive legislation for personal information protection, went into effect on November 1, 2021. Learn how Lionbridge is PIPL ready and able to assist you with PIPL-compliant localization.

What Is PIPL?

The China Personal Information Protection Law (PIPL) is a new data privacy policy enacted in China. Like the GDPR in Europe, PIPL aims to protect sensitive personal information and applies to any organizations or individuals who handle personally identifiable information (PII) in China. PIPL additionally holds companies accountable for intentionally or unintentionally releasing information to third parties.

PIPL applies to the processing of the personal information of people within China, and to the activities carried out outside of China to process the personal data of people within China under the following circumstances:

Where the purpose is to provide products or services to people in China
Where the purpose is to analyze and evaluate the activities of people in China
Other circumstances provided by laws and administrative regulations

What Is Personal Information Under PIPL and How Is It Processed?

Under the Personal Information Protection Law, personal information refers to various kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding information processed anonymously and including financial accounts. Processing personal information includes the collection, storage, use, processing, transmission, publication and erasure of personal data.

How Does Lionbridge Comply With the Personal Information Protection Law?

One key difference between PIPL and the EU General Protection Data Regulation (GDPR) and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, or LGPD) is that the PIPL does not allow the processing of personal data based on a legitimate interest, unlike the EU GDPR and the Brazilian LGPD.

Lionbridge is primarily an “Entrusted Party” when offering services to its customers, meaning that information is only processed by instructions of a customer (Personal Information Processing Entity), and only for the specific purpose agreed upon between Lionbridge and the customer.

Lionbridge relies on consent and necessity for the performance of a contract to process business contact information that is needed to perform the services.

Lionbridge offers our services with technology that is not publicly accessible. To access these tools, registration is necessary, which is reviewed and approved by Lionbridge. This means that only individuals who have a legitimate reason and have agreed to our terms of use or have a business agreement with Lionbridge would be granted access to those tools.

We only process information that is required to provide our services to customers, and only for the purpose that is clearly specified in a service agreement.

Additionally, we have implemented technical and organizational measures in line with ISO 27001:2013 and ISO 27701:2019, including all applicable security and privacy controls outlined in these international standards.

Lionbridge will assess and implement any additional requirements from the Cyberspace Administration of China regarding cross-border data transfers, and further guidance in other topics.