Compliance Guide — China

China Employee Monitoring Laws: PIPL, CSL, and Employer Compliance Guide 2026

China employee monitoring law is the set of data protection and cybersecurity regulations, including the Personal Information Protection Law (PIPL), Cybersecurity Law (CSL), and Data Security Law (DSL), that govern how employers may collect, process, and retain employee activity data for workers in mainland China. PIPL, effective November 2021, is the primary framework. It differs from GDPR in one critical way: employment alone does not substitute for consent when collecting sensitive personal information categories. This guide explains what global employers must change before deploying monitoring tools to China-based employees.

[Image: eMonitor compliance dashboard showing employee monitoring policy status for China PIPL compliance]

China's Employee Monitoring Legal Framework: PIPL, CSL, and DSL

China's employee monitoring legal framework rests on three interconnected statutes: the Personal Information Protection Law (PIPL, effective November 1, 2021), the Cybersecurity Law (CSL, effective June 2017), and the Data Security Law (DSL, effective September 2021). Each statute addresses different dimensions of how employers handle employee data, and compliance requires understanding how all three interact for monitoring activities specifically.

PIPL is the primary statute for employee monitoring compliance. It governs any organization that processes personal information of individuals located in mainland China, regardless of where the processing organization is headquartered. A US employer with 50 engineers in Shanghai is subject to PIPL for those engineers' monitoring data, even if all processing servers are located in the United States. PIPL applies extraterritorially to data processing activities that affect individuals in China.

The CSL governs cybersecurity obligations for network operators, which includes most employers who operate IT infrastructure in China. CSL requirements intersect with employee monitoring through obligations to protect network security, log system access for audit purposes, and cooperate with government security assessments. The DSL classifies data by security level and creates obligations for protecting "important data" and "core data" categories that may include certain employee monitoring records depending on industry.

What Counts as Employee Personal Information Under PIPL

PIPL defines personal information as any information relating to an identified or identifiable natural person. For employee monitoring purposes, this definition covers: employee name and identification numbers, computer activity logs linked to an employee account, application and URL usage records associated with an employee, screenshot images showing employee work, keystrokes associated with an employee account, email metadata and content where the employee is sender or recipient, and precise location data if location tracking is used.

PIPL further classifies certain data types as sensitive personal information (SPI), which requires separate, explicit consent for processing regardless of the lawful basis used for other employee data. Sensitive personal information categories relevant to employee monitoring include biometric identification information (facial geometry, fingerprints, voiceprints), precise geographic location, health and medical information, private communication content (email body text, message content, call recordings), and financial account information.

PIPL establishes six lawful bases for processing personal information: consent, contractual necessity, legal obligation, vital interests, public interest, and legitimate interests. The critical difference from GDPR is how PIPL applies these bases to employee monitoring, particularly through the employment relationship.

The Employment Contract Is Not Automatic Justification

Under GDPR Article 6(1)(b), employers commonly rely on performance of contract (the employment contract) as the lawful basis for processing employee data that is necessary to administer the employment relationship. PIPL's contractual necessity basis (Article 13(2)) has a narrower interpretation under current regulatory guidance: it covers only data processing that is strictly necessary to execute the specific terms of the employment contract, such as recording attendance for payroll purposes or processing bank details for salary payment.

Broader monitoring activities, including screen capture, application tracking, productivity scoring, and URL monitoring, go beyond what is strictly necessary to execute the employment contract itself. For these activities, employers must rely on either consent or legitimate interests. Consent is the safer and more common choice in practice, because China's legitimate interests framework is less developed and carries more regulatory uncertainty than GDPR's equivalent.

Consent Requirements Under PIPL

PIPL consent must be voluntary, specific, informed, and unambiguous. Embedding monitoring consent in an employment contract as a condition of employment raises questions about voluntariness, because employees have limited ability to negotiate employment terms. Chinese regulatory guidance suggests that the safest approach is to obtain separate, standalone consent for monitoring activities, distinct from the employment agreement, and to explain in clear language what will be monitored, for what purpose, and how data will be used and retained.

For sensitive personal information categories, PIPL requires separate explicit consent for each category. An employer who collects biometric data (such as facial recognition for timekeeping), precise location data (such as GPS tracking), and communications content (such as email monitoring) must obtain three separate consent agreements, one for each category, in addition to any general monitoring consent covering non-sensitive data.

Legitimate Interests Under PIPL

PIPL Article 13(6) allows processing under legitimate interests, but this basis requires demonstrating that the processing has a legitimate purpose, that the processing is necessary and proportionate to that purpose, and that the impact on individuals' rights and interests is limited. China has not yet published the same volume of regulatory guidance on legitimate interests balancing that the European Data Protection Board has produced for GDPR, making this basis less predictable. Most multinational employers operating in China default to consent-based processing for monitoring activities to avoid uncertainty.

High-Risk Monitoring Activities Under PIPL: What Creates the Most Exposure

Not all employee monitoring activities carry equal risk under PIPL. The highest-risk monitoring categories are those that involve sensitive personal information, cross-border data transfers, or large-scale processing operations that trigger government security assessment requirements.

Keystroke Logging and Communications Content Monitoring

Keystroke logging that records the content of what employees type, including emails, messages, documents, and chat content, collects private communications content, which PIPL classifies as sensitive personal information. Deploying keystroke logging tools that capture typed content in China therefore requires separate explicit consent for this sensitive category. Keystroke logging tools that capture only statistics (characters per minute, active typing time) without capturing content are less problematic and may not trigger the sensitive information requirements.

Biometric Monitoring

Facial recognition timekeeping systems, fingerprint scanners, and voice recognition tools all collect biometric identification information, which is sensitive personal information under PIPL. Any employer deploying biometric-based monitoring or access control in China must obtain separate explicit consent from each employee before collecting biometric data, publish a biometric data retention and destruction schedule, and implement security measures appropriate to the sensitive nature of the data. PIPL does not impose a specific retention limit for biometric data, but the data minimization principle requires deletion when the purpose for collection has been fulfilled.

Location Tracking

Precise geographic location tracking of employees, whether through GPS in mobile devices, location-enabled productivity applications, or network-based location services, falls within PIPL's sensitive personal information category. Employers who track precise employee locations in China, including for field service management or attendance verification at specific locations, must obtain separate explicit consent for location data collection. General network-level location (city-level, not street-level) may not constitute "precise" location under PIPL, but this boundary has not been definitively resolved in regulatory guidance.

Screen Recording and Screenshot Monitoring

Periodic screenshot monitoring and screen recording do not automatically capture sensitive personal information in the way keystroke logging or biometric monitoring do. Screenshots of work activity on employer applications capture operational data that, in most employment contexts, falls within legitimate interests or contractual necessity. However, screenshots that routinely capture personal information visible on screen, such as employees accessing personal email, banking portals, or health portals during work hours, create incidental sensitive information collection that requires careful policy design to avoid PIPL exposure.

Cross-Border Data Transfer Requirements: China's Strictest Provision

China's cross-border data transfer requirements are among the most restrictive in the world, and they are the provision most frequently missed by multinational employers who assume that PIPL's substantive requirements are similar to GDPR and therefore their existing GDPR compliance program covers China. The cross-border transfer requirements are materially different and require separate compliance steps.

Three Available Transfer Mechanisms

PIPL Article 38 provides three mechanisms for transferring personal information from China to foreign countries. First, passing a government security assessment administered by the Cyberspace Administration of China (CAC), which is required for transfers by critical information infrastructure operators and for transfers that meet volume thresholds (100,000 individuals' data per year, or any transfer of 10,000 or more individuals' sensitive personal information). Second, obtaining personal information protection certification from a professional institution recognized by the CAC. Third, executing a standard contract for cross-border personal information transfer published by the CAC (the Chinese equivalent of GDPR standard contractual clauses, published in June 2022).

Most multinational employers with typical employee monitoring programs will qualify for the CAC standard contract mechanism unless their operation crosses the volume thresholds triggering mandatory security assessment. The CAC standard contract requires conducting a personal information protection impact assessment (PIPIA) and filing the contract and PIPIA with the local CAC within 10 business days after the contract takes effect.

Data Localization for Certain Industries

Critical information infrastructure operators, including employers in financial services, energy, transportation, and healthcare, face additional data localization requirements under both the CSL and PIPL. For these employers, certain categories of data collected in China must be stored within China and cannot be transferred abroad without completing the mandatory government security assessment first. An employer in financial services deploying a monitoring platform that stores data on overseas servers may need to complete a security assessment before any monitoring data leaves China, regardless of the volume thresholds that apply to general employers.

Practical Implications for Cloud-Based Monitoring Platforms

Cloud-based monitoring platforms that store collected data on servers outside mainland China automatically create a cross-border transfer that requires one of the three PIPL transfer mechanisms. Employers deploying eMonitor or any cloud-based monitoring tool for China-based employees must identify which transfer mechanism applies, complete the required documentation, and in many cases file that documentation with local authorities before monitoring begins. This process typically takes four to eight weeks for the CAC standard contract route and three to six months for the security assessment route.

Employee Rights Under PIPL: Access, Correction, and Deletion

PIPL grants employees substantive rights over their personal information held by employers. These rights are enforceable and create operational requirements for monitoring programs that employers must plan for before deploying monitoring tools.

Right of Access

PIPL grants employees the right to access the personal information an employer holds about them, including monitoring data such as activity logs, screenshots, URL tracking records, and productivity scores. Employers must establish a process for receiving and responding to access requests within a reasonable timeframe. PIPL does not specify an exact deadline, but regulatory guidance and industry practice treat 15 business days as the expected response time for straightforward requests.

Right to Correction and Supplementation

Employees have the right to request correction of inaccurate personal information and supplementation of incomplete data. For monitoring data, this right is most relevant when activity logs contain errors, such as misattributed activity records, or when context is missing that would affect how the data is interpreted. Employers should not use the correction right as a mechanism for employees to alter objectively recorded monitoring data, but should respond in good faith to claims of technical inaccuracies.

Right to Deletion

PIPL's deletion right applies when: the purpose for processing has been fulfilled, consent has been withdrawn, processing violates law or the employer's own policies, or the retention period has expired. For monitoring data, this means employers must delete monitoring records when they have served their business purpose and no longer need to be retained for compliance or litigation hold reasons. Employers should establish automated data retention schedules that delete monitoring data after specified periods, with different periods for different data types based on operational and legal requirements.
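The retention schedule described above can be automated as a scheduled job that classifies each monitoring record by data type and applies the deletion triggers in a fixed order. The following is an added illustration, not code from eMonitor or from this guide: the data type names, the `MonitoringRecord` structure, the `select_for_deletion` function and the retention periods in `RETENTION_DAYS` are all assumptions constructed for the example. It encodes the four triggers named in this section (purpose fulfilled, consent withdrawn, retention expired) together with the litigation-hold exception that must override all of them.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Sensitive categories (per this guide) are processed on a consent basis, so a
# withdrawn consent removes their lawful basis and forces deletion.
SENSITIVE_TYPES = frozenset({"biometric", "location", "communications_content"})

# Retention period per data type, in days. These values are constructed for the
# example; set your own from the PIPIA and any sector-specific retention rules.
RETENTION_DAYS = {
    "activity_log": 180,
    "screenshot": 90,
    "url_record": 180,
    "productivity_score": 365,
    "biometric": 30,
    "location": 30,
    "communications_content": 30,
}


@dataclass(frozen=True)
class MonitoringRecord:
    record_id: str
    employee_id: str
    data_type: str
    collected_on: date
    purpose_fulfilled: bool = False  # set by the business process that consumed the record


def retention_deadline(record):
    """Date from which the record is overdue for deletion."""
    try:
        days = RETENTION_DAYS[record.data_type]
    except KeyError:
        # Fail closed: an unmapped type means a missing retention decision, not indefinite retention.
        raise ValueError(f"no retention period configured for {record.data_type!r}")
    return record.collected_on + timedelta(days=days)


def select_for_deletion(records, today, legal_holds=frozenset(), withdrawn_consent=frozenset()):
    """Split records into those to delete and those to keep, each mapped to its reason."""
    to_delete, retained = {}, {}
    for r in records:
        if r.employee_id in legal_holds:
            retained[r.record_id] = "litigation hold"  # a hold overrides every deletion trigger
        elif r.data_type in SENSITIVE_TYPES and r.employee_id in withdrawn_consent:
            to_delete[r.record_id] = "consent withdrawn"
        elif today >= retention_deadline(r):
            to_delete[r.record_id] = "retention period expired"
        elif r.purpose_fulfilled:
            to_delete[r.record_id] = "purpose fulfilled"  # data minimisation: no purpose, no retention
        else:
            retained[r.record_id] = "within retention period"
    return to_delete, retained


def demo():
    """Run the schedule over constructed sample records as of a fixed date."""
    today = date(2026, 6, 1)
    records = [
        MonitoringRecord("r1", "emp-a", "activity_log", date(2025, 10, 1)),            # 180 days: expired
        MonitoringRecord("r2", "emp-b", "screenshot", date(2026, 5, 1)),               # 90 days: still live
        MonitoringRecord("r3", "emp-c", "activity_log", date(2025, 1, 1)),             # expired but on hold
        MonitoringRecord("r4", "emp-b", "location", date(2026, 5, 20), purpose_fulfilled=True),
        MonitoringRecord("r5", "emp-d", "biometric", date(2026, 5, 25)),               # consent withdrawn
        MonitoringRecord("r6", "emp-b", "location", date(2026, 5, 28)),                # still in use
    ]
    return select_for_deletion(records, today,
                               legal_holds=frozenset({"emp-c"}),
                               withdrawn_consent=frozenset({"emp-d"}))


if __name__ == "__main__":
    to_delete, retained = demo()
    for rid, why in to_delete.items():
        print(f"DELETE {rid}: {why}")
    for rid, why in retained.items():
        print(f"KEEP   {rid}: {why}")
```

Two design points matter for audit purposes: every record receives a recorded reason either way, so the job's output doubles as the deletion log an access or deletion request may need to be answered from, and an unmapped data type raises instead of being silently kept, which surfaces a gap in the retention schedule rather than creating indefinite retention.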

Right to Explanation of Automated Decision-Making

PIPL Article 24 creates rights related to automated decision-making that uses personal information. If an employer uses monitoring data in algorithmic productivity scoring, automated performance evaluation, or any system that makes or supports decisions affecting employees, PIPL requires the employer to be transparent about how the automated system works and to offer employees a path to request human review of automated decisions. This is particularly relevant for monitoring platforms that generate automated productivity scores, risk flags, or performance ratings based on collected activity data.

PIPL Penalties and Enforcement Actions

PIPL enforcement has demonstrated that Chinese regulators are prepared to impose significant penalties on organizations that violate personal information protection requirements. The penalty structure is modeled partly on GDPR but includes provisions that can generate higher absolute fines for large organizations.

Administrative Penalties

PIPL Article 66 establishes administrative penalties for violations. For minor violations, regulatory authorities may issue warnings and orders to correct. For serious violations, penalties reach up to 50 million RMB (approximately $7 million USD at 2026 exchange rates) or 5% of the previous year's annual revenues in China, whichever is higher. For violations involving critical information infrastructure operators or large-scale processing, penalties may be more severe and can include orders to suspend relevant processing activities.

The 5% of annual China revenues figure is the provision that creates the highest potential exposure for large multinational employers. A multinational with $500 million in annual China revenues faces a maximum fine of $25 million for a serious PIPL violation, which significantly exceeds the absolute maximum of $7 million at current exchange rates. The Didi Global enforcement action in 2022, which resulted in an 8.026 billion RMB penalty under predecessor regulations, signals the Chinese regulatory environment's willingness to impose very large fines for serious data protection violations.

Personal Liability for Responsible Persons

PIPL imposes personal liability on "directly responsible persons" and "other directly responsible individuals" for violations. Individual fines reach up to 1 million RMB (approximately $140,000 USD). Responsible persons may also be prohibited from serving as directors, supervisors, senior managers, or personal information protection officers for a specified period. This personal liability provision means that HR managers, IT directors, and data protection officers who oversee employee monitoring programs carry individual risk for PIPL violations.

[Image: eMonitor monitoring configuration dashboard supporting PIPL-compliant monitoring for China operations]

How to Build a PIPL-Compliant Employee Monitoring Policy for China

Building a PIPL-compliant monitoring policy for China requires attention to requirements that do not exist in most other jurisdictions: sensitive information consent layers, cross-border transfer mechanisms, and Personal Information Protection Impact Assessments. The following six-step process addresses each requirement.

  1. Map monitoring activities to PIPL lawful bases. List every monitoring tool and data type currently deployed or planned for China-based employees. Assign a PIPL lawful basis to each: contractual necessity for payroll-related time tracking, legitimate interests for routine productivity monitoring on employer systems, and explicit consent for sensitive personal information categories including biometrics and precise location.
  2. Draft a PIPL-compliant employee monitoring notice. The notice must state what personal information is collected, the purpose and method of processing, retention periods for each data type, employee rights under PIPL, contact information for the responsible person or privacy officer, and how employees may exercise their rights. Distribute the notice in simplified Chinese, obtain documented acknowledgment, and retain acknowledgment records for the duration of employment plus three years.
  3. Obtain separate explicit consent for sensitive personal information. For biometrics, precise location, communications content, and health data, prepare separate consent documents that explain specifically what sensitive data is collected, why it is necessary, and how it is protected. The consent document for each sensitive category must be signed separately and must not be bundled with the general employment agreement or general monitoring consent.
  4. Conduct a Personal Information Protection Impact Assessment (PIPIA). Complete a PIPIA before beginning any monitoring of sensitive personal information or any large-scale monitoring operation. The PIPIA documents the purpose and legal basis for processing, evaluates the impact on employee rights, describes security measures, and identifies risks with mitigation strategies. Retain the PIPIA for at least three years and update it when monitoring practices change materially.
  5. Implement the appropriate cross-border data transfer mechanism. Determine whether your monitoring data volume triggers the mandatory CAC security assessment (100,000+ individuals' records annually) or whether the CAC standard contract is sufficient. For most employers with fewer than 100,000 employees in China, the CAC standard contract route applies. Execute the standard contract with your monitoring platform vendor or data processor, complete the accompanying PIPIA, and file the documentation with local authorities within 10 business days.
  6. Establish employee rights response processes. Build a system for receiving and responding to employee requests to access, correct, delete, or port their monitoring data. Assign clear ownership for rights request processing, set a 15-business-day target response time, and document each request and response for audit purposes. For automated decision-making using monitoring data, prepare explanations of how automated scores are calculated and create a process for employees to request human review.
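The six steps above can be turned into a pre-deployment gate that rejects a monitoring rollout until each gap is closed. What follows is an added example, not eMonitor's or the guide's own tooling: the `DeploymentPlan` fields, the data type names, the lawful-basis mapping in `LAWFUL_BASIS` and the exact wording of the findings are assumptions constructed here. The thresholds and rules themselves (separate consent per sensitive category, PIPIA before sensitive or cross-border processing, the 100,000-individual and 10,000-sensitive-individual security assessment triggers, the CIIO rule, and a human review path for automated decisions) follow the guide.

```python
from dataclasses import dataclass

# Sensitive personal information categories that each need a standalone explicit consent.
SENSITIVE_CATEGORIES = frozenset({"biometric", "precise_location", "communications_content", "health"})

# Step 1: lawful basis per data type. The mapping is an assumption for this example,
# following the guide's allocation: contractual necessity for payroll time tracking,
# legitimate interests for routine monitoring on employer systems, consent for sensitive data.
LAWFUL_BASIS = {
    "attendance_time": "contractual_necessity",
    "application_usage": "legitimate_interests",
    "url_usage": "legitimate_interests",
    "screenshot": "legitimate_interests",
    "biometric": "consent",
    "precise_location": "consent",
    "communications_content": "consent",
    "health": "consent",
}

# Volume thresholds at which the CAC security assessment becomes mandatory.
ASSESSMENT_INDIVIDUALS_PER_YEAR = 100_000
ASSESSMENT_SENSITIVE_INDIVIDUALS = 10_000


@dataclass(frozen=True)
class DeploymentPlan:
    data_types: frozenset            # data types the monitoring tool will collect
    separate_consents: frozenset     # sensitive categories with a standalone signed consent
    employees_in_china: int          # individuals whose data would leave China per year
    sensitive_individuals: int       # individuals whose sensitive PI would leave China per year
    stores_outside_china: bool       # platform keeps data on servers outside mainland China
    is_ciio: bool                    # critical information infrastructure operator
    notice_in_simplified_chinese: bool
    pipia_completed: bool
    transfer_filed: bool             # transfer mechanism executed and filed with the local CAC
    automated_decisions: bool        # monitoring data feeds automated scoring or evaluation
    human_review_process: bool


def transfer_mechanism(plan):
    """Step 5: which PIPL Article 38 mechanism the deployment needs."""
    if not plan.stores_outside_china:
        return "none_required"
    if (plan.is_ciio
            or plan.employees_in_china >= ASSESSMENT_INDIVIDUALS_PER_YEAR
            or plan.sensitive_individuals >= ASSESSMENT_SENSITIVE_INDIVIDUALS):
        return "cac_security_assessment"
    # Certification is the third route; this example treats the standard contract as the default.
    return "cac_standard_contract"


def compliance_findings(plan):
    """Return the gaps, in step order, that block a PIPL-aligned deployment."""
    findings = []
    for t in sorted(plan.data_types - set(LAWFUL_BASIS)):
        findings.append(f"step 1: no lawful basis mapped for {t}")
    if not plan.notice_in_simplified_chinese:
        findings.append("step 2: monitoring notice not distributed in simplified Chinese")
    sensitive_collected = plan.data_types & SENSITIVE_CATEGORIES
    for t in sorted(sensitive_collected - plan.separate_consents):
        findings.append(f"step 3: separate explicit consent missing for {t}")
    mechanism = transfer_mechanism(plan)
    # Step 4: a PIPIA precedes any sensitive-category monitoring and is also part of the
    # standard contract and security assessment filings.
    if (sensitive_collected or mechanism != "none_required") and not plan.pipia_completed:
        findings.append("step 4: PIPIA not completed")
    if mechanism != "none_required" and not plan.transfer_filed:
        findings.append(f"step 5: {mechanism} not executed and filed before monitoring starts")
    if plan.automated_decisions and not plan.human_review_process:
        findings.append("step 6: no human review path for automated decisions using monitoring data")
    return findings


def demo():
    """Constructed plan: 450 engineers, cloud platform outside China, GPS tracking planned."""
    plan = DeploymentPlan(
        data_types=frozenset({"application_usage", "url_usage", "screenshot", "precise_location"}),
        separate_consents=frozenset(),
        employees_in_china=450, sensitive_individuals=450,
        stores_outside_china=True, is_ciio=False,
        notice_in_simplified_chinese=True, pipia_completed=False, transfer_filed=False,
        automated_decisions=True, human_review_process=False,
    )
    return transfer_mechanism(plan), compliance_findings(plan)


if __name__ == "__main__":
    mechanism, gaps = demo()
    print("transfer mechanism:", mechanism)
    for gap in gaps:
        print(" -", gap)
```

The check is deliberately conservative: a data type with no mapped lawful basis is reported rather than assumed to be covered by the employment contract, and the PIPIA requirement is triggered by either sensitive data or any cross-border transfer, which matches the guide's statement that the standard contract route itself requires one.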

How eMonitor Supports PIPL Compliance for China-Based Employees

eMonitor's core monitoring features (screen activity capture, application tracking, URL monitoring, and work-session analytics) operate on employer-owned devices and within employer-operated systems. This architecture aligns with PIPL's most defensible processing basis: the employer's legitimate interest in monitoring how its systems and devices are used during work hours, combined with employees' reduced expectation of privacy on employer equipment.

No Biometric Data Collection

eMonitor does not require biometric data collection for its core monitoring functions. Screen monitoring, activity tracking, and productivity analytics operate without facial recognition, fingerprint scanning, or voice biometrics. This design avoids PIPL's most operationally burdensome requirement: separate explicit consent for sensitive biometric personal information. Employers can deploy eMonitor's monitoring capabilities without triggering the biometric consent layer.

Configurable Data Retention

eMonitor's data retention settings allow administrators to configure different retention periods for different data types. For China operations, employers can set shorter retention periods aligned with PIPL's data minimization requirements, ensuring monitoring data is deleted automatically when the business purpose is fulfilled. Configurable retention supports compliance with both PIPL's deletion obligations and any industry-specific data retention requirements that apply to the employer's sector.

Transparent Employee Dashboards

eMonitor provides employee-facing dashboards where employees can view their own activity data. This transparency satisfies PIPL's access right in practical terms: employees can see their monitoring data directly without submitting a formal access request. Transparent monitoring also supports the notification obligations under PIPL by demonstrating that monitoring is overt rather than covert, which reduces the risk of employees claiming they were unaware their activity was being recorded.

Cross-Border Transfer Considerations

For China-based employees, the cross-border transfer of monitoring data to eMonitor's cloud infrastructure requires completing the appropriate PIPL transfer mechanism before monitoring begins. eMonitor works with employers to understand data flow architecture, supporting the technical documentation needed for CAC standard contract completion or security assessment filings. Legal counsel familiar with Chinese data protection law should lead the transfer mechanism selection and filing process.

Monitor China-Based Employees With a PIPL-Aware Architecture

eMonitor's computer activity monitoring avoids the highest-risk PIPL data categories. Start your 7-day free trial today.


China Employee Monitoring Law: Frequently Asked Questions

Does China have an employee monitoring law?

Yes. China's employee monitoring law is governed primarily by the Personal Information Protection Law (PIPL, effective November 2021), supplemented by the Cybersecurity Law (CSL, 2017) and Data Security Law (DSL, 2021). PIPL applies to any organization processing personal information of individuals in mainland China, including employee monitoring data, regardless of where the processing organization is headquartered.

What is China's PIPL for employers?

China's Personal Information Protection Law (PIPL) is a comprehensive data protection statute effective November 1, 2021. For employers, PIPL regulates the collection and processing of employee personal information, including activity monitoring data. PIPL requires employers to identify a lawful basis for processing, notify employees before monitoring begins, limit data collection to what is necessary, and obtain separate consent for sensitive personal information categories including biometrics and precise location.

Does PIPL require employee consent for monitoring?

PIPL requires a lawful basis for processing employee personal information, and consent is one of six available bases. Routine computer activity monitoring on employer systems can rely on contractual necessity or legitimate interests. Sensitive personal information, including biometrics, health data, precise location, and communications content, requires separate explicit consent from each employee before collection begins. Employment alone does not substitute for this sensitive-category consent.

How does PIPL differ from GDPR for employee monitoring?

PIPL and GDPR share structural similarities but differ in critical ways. GDPR's legitimate interests basis is well-developed with extensive regulatory guidance, making it a reliable basis for employer monitoring. PIPL's legitimate interests basis is narrower and less supported by regulatory guidance, making consent the safer choice in China. PIPL's cross-border transfer restrictions are also significantly stricter than GDPR's standard contractual clauses mechanism, requiring CAC-specific compliance steps.

Can Chinese employers monitor employee computers?

Yes. Chinese employers may monitor computer activity on employer-owned systems when monitoring serves a legitimate business purpose, employees receive advance notice, and data collection is proportionate to the stated purpose. Routine application tracking, URL monitoring, and productivity analytics on employer devices fall within legitimate business purposes under PIPL. Monitoring of personal devices, sensitive data categories, or communications content requires more robust justification and in some cases separate explicit consent.

What monitoring data requires separate consent under PIPL?

PIPL classifies certain data types as sensitive personal information requiring separate explicit consent before collection. For employee monitoring purposes, sensitive categories include biometric identification information (facial recognition, fingerprints, voiceprints), precise geographic location tracking, health and medical information, and private communications content (email body text, message content). Employers must obtain specific, informed consent for each sensitive category separately from the general employment agreement.

Are there cross-border data transfer restrictions for employee monitoring data in China?

Yes, and China's restrictions are among the strictest globally. Employers transferring monitoring data from China to foreign servers must use one of three mechanisms: a CAC government security assessment (required if transfers exceed 100,000 individuals annually), CAC-recognized certification, or CAC standard contractual clauses. The CAC standard contract requires a Personal Information Protection Impact Assessment and must be filed with local authorities within 10 business days of execution.

What is the penalty for PIPL violations?

PIPL penalties for serious violations reach up to 50 million RMB (approximately $7 million USD) or 5% of previous year's annual China revenues, whichever is higher. Individual managers responsible for violations face personal fines up to 1 million RMB and may be prohibited from serving as company directors or officers. China's Didi Global enforcement action resulted in an 8.026 billion RMB fine, demonstrating regulators' willingness to impose very large penalties.

Does China allow employers to read employee emails?

Chinese employers may monitor corporate email on employer-operated servers for legitimate business purposes when employees are notified in advance. Reading email content is more invasive than metadata monitoring and requires stronger proportionality justification under PIPL. Email content that includes private communications content qualifies as sensitive personal information under PIPL, requiring separate consent or very clear legitimate interests documentation before content monitoring begins.

How does eMonitor support PIPL compliance for China-based employees?

eMonitor supports PIPL compliance through transparent monitoring disclosures, data minimization architecture, configurable retention schedules, and work-hours-only monitoring. eMonitor does not require biometric data collection, avoiding PIPL's sensitive personal information consent requirements for that category. For cross-border data transfer compliance, employers must work with legal counsel to complete the appropriate CAC transfer mechanism before deploying eMonitor for China-based employees.

Deploy Monitoring for China Operations With Confidence

eMonitor's architecture avoids biometric data and supports PIPL-aligned transparency. 1,000+ companies trust eMonitor. $3.50/user/month.