The U of I System and International Privacy Laws

Countries across the world are enacting new laws to protect the privacy of their citizens. The trend toward improving international privacy protections largely began with the European Union’s General Data Protection Regulation, known as the EU GDPR, which came into force on May 25, 2018. Many countries’ privacy laws enacted since that date are based upon the EU GDPR’s provisions. China enacted one such law, the Personal Information Protection Law, known as PIPL. Although many of its principles are drawn from the EU GDPR, it is unique in many ways.

Unlike the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Illinois Personal Information Protection Act (PIPA), which approach privacy by looking at categories of information like student education records and health records, international privacy laws like the EU GDPR and China’s PIPL seek to protect the full spectrum of personal information, where personal information is defined very broadly.

International privacy laws like the EU GDPR and China’s PIPL may impact the University of Illinois System and its operations. Accordingly, the System has established procedures to address these laws where applicable. Please use the following links for additional information.

• The European Union and United Kingdom General Data Protection Regulations
• China’s Personal Information Protection Law
• Data Processing Agreements & Data Handling Agreements
• Research and International Privacy
• Websites cookies and forms
• What should I do if I get a question about the EU or UK GDPR or China’s PIPL?
• Links to International Privacy Resources and Articles