November 22, 2019

November 21, 2019

Subscribe to Latest Legal News and Analysis

November 20, 2019

Subscribe to Latest Legal News and Analysis

November 19, 2019

Subscribe to Latest Legal News and Analysis

China Amends Criminal Law Related to Data Privacy and Cybersecurity

On August 29, 2015, China’s legislature, the National People’s Congress, amended the Criminal Law, effective November 1, 2015. Among other things, the amendments modify and add several provisions related to data privacy and cybersecurity. We discuss some of these key amendments below.

  • Expanded criminal sanctions for illegal sale or provision of personal information. Previously, criminal sanctions for selling or providing personal information applied only to government personnel and certain sectors such as finance, telecommunications, transportation, education, and healthcare. Article 253 as amended now applies criminal sanctions to anyone who, in violation of relevant State rules, sells or provides the personal information of others if the circumstances are serious. The crime is punishable by fixed-term imprisonment of no more than three years and/or a fine. If the circumstances are “extremely serious,” the penalties are more severe: three to seven years imprisonment, plus a concurrent fine. The new amendments also provide that those who, in violation of relevant State rules, sell or provide personal information obtained in the course of conducting professional duties or providing services shall face penalties on the harsher end of the ranges described in the preceding paragraph.

  • New penalties on internet service providers. Under the new Article 286(a), network service providers (and responsible individuals therein) who fail to fulfill “information network security administration duties prescribed by laws and/or administrative regulations” and refuse to take remedial measures ordered by regulatory authorities face criminal liability — fixed-term imprisonment of no more than three years, criminal detention, or public surveillance, with a fine either concurrently with such punishment or in lieu thereof — if one of the following circumstances occurs: (1) illegal information is widely disseminated, (2) user information is divulged and the circumstances are serious, (3) evidence in a criminal case is lost and the circumstances are serious, or (4) other “serious” circumstances are involved. We understand the term “network service provider” to include both internet service providers (e.g., telecom companies) and internet content providers (including websites). While the breadth of the term “serious” creates certain challenges to interpretation, these new provisions are consistent with the Chinese government’s recent focus on disciplining activities in cyberspace.

  • Criminal liability for conducting and facilitating certain online activity. A new Article 287(a) explicitly provides criminal penalties for those who use information networks to (1) establish websites or communication groups to engage in illegal or criminal activities, (2) publish illegal information such as pornography or information regarding prohibited items (e.g., guns, illegal drugs), or (3) publish other information for the purposes of engaging in fraud or other illegal activities. Under a new Article 287(b), criminal penalties also may be applied to those who, with clear knowledge that another individual is using an information network to commit a crime, provides internet access, storage, hosting, or other technical support, or provides advertising, settlement of payments, and any other assistance for such crime.

These amendments come amidst a series of significant developments in China’s data protection and cybersecurity regime. (See, for example, our post on China’s recently published draft Network Security Law here, and another specifically on the implications of that draft law for data privacy in China here.)

© 2019 Covington & Burling LLP

TRENDING LEGAL ANALYSIS


About this Author

Ashwin Kaja, Covington Burling, International trade lawyer
Associate

Ashwin Kaja is an associate in the firm’s Beijing office and is a member of the firm’s International Trade, Public Policy, Data Privacy & Cybersecurity, and Anti-Corruption practice groups. He has advised multinational companies, governments, and other clients on a range of matters related to international trade, public policy and government affairs, data privacy, foreign investment, anti-corruption compliance and investigations, corporate law, real estate, and the globalization of higher education. He also serves as the China and India editor for Covington’s ...

86-10-5910-0511
Eric Carlson, Litigation Attorney, Covington Law Firm
Partner

Eric Carlson advises clients operating in China and other jurisdictions in Asia on a range of anti-corruption laws, including the Foreign Corrupt Practices Act (FCPA). He has deep experience leading highly sensitive anti-corruption/FCPA investigations in China and other jurisdictions in Asia, including investigations presenting complex legal, political, and reputational risks.​​

86-21-6036-2503