The Personal Information Protection Law as an Operational Instrument of China's Dual Circulation Strategy: Data Sovereignty and Selective Permeability in Cross-Border Governance

This thesis investigates the extent to which China's Personal Information Protection Law (PIPL) functions as an operational instrument of the Dual Circulation Strategy (DCS), the development model introduced in 2020 to reorient economic growth toward domestic demand while preserving selective international engagement. The central argument is that the PIPL is not simply China's answer to the GDPR but a regulatory mechanism through which Beijing governs cross-border data flows in pursuit of economic self-reliance and data sovereignty. The research combines doctrinal analysis of the PIPL, policy tracing across planning documents, and a case study of the 2025 administrative penalty against Dior Shanghai, which shows enforcement extending well beyond high-profile technology companies into the ordinary operations of foreign retailers. The findings show that the PIPL creates a filtering system rather than a hard border. Through separate consent requirements, tiered transfer pathways, and liability rules that travel up to foreign parent companies, the law makes data localization the rational default for most operators. It also generates a compliance economy that channels foreign capital toward domestic services. The thesis concludes that the PIPL borrows privacy language to do the work of economic statecraft, and that understanding it on those terms matters for anyone operating in China's digital market.