August 17, 2022

Volume XII, Number 229

Advertisement
Advertisement

August 17, 2022

Subscribe to Latest Legal News and Analysis

August 16, 2022

Subscribe to Latest Legal News and Analysis

August 15, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

China Seeks to Protect Personal Internet Information

The widespread use of the Internet has given people access to information on a level never experienced before, while also resulting in growing attention and concerns over information security issues. In order to protect personal information that may be used or disclosed inappropriately via the Internet by other individuals or entities, particularly Internet service providers, the 30th session of the Standing Committee of the 11th National People’s Congress released the decisions regarding Strengthening the Protection of Internet Information (the Decisions) on December 28th, 2012, which became effective the same day. Several months later, the Ministry of Industry and Information released the Telecommunications and Internet User Individual Information Protection Regulations (Draft for Comments) (the Draft Regulations) and Provisions on the Registration of True Identity Information of Phone Users (Draft for Comments) (the Draft Provisions) on April 10th, 2013. Though the Draft Regulations and the Draft Provisions have not become effective for the time being, there are still some highlights that are worth noting.

1. General Principle and Definition

Under the Decisions, it is explicitly stipulated that the government will protect personal electronic information (the Information) that identifies a citizen or that concerns their privacy, and any entities or individuals are prohibited from using illegal methods to obtain citizens’ information, or sell or disclose the above to any others. A definition of the Information is lacking in the Decisions. The Draft Regulations appear to provide some guidance, however. They provide that "personal information" means information telecommunication business operators and internet service providers collect that independently, or in combination with other information, distinguish the user. This includes such things as the user's name, date of birth, identity card number, address, and other identifying information, as well as the user's codes, account numbers, times, locations and other stored information in connection with their service use.

2. Obligations and Roles

The Decisions require Internet service providers, other entities and their working staff to:

  1. Obtain consent when they collect or use the Information;

  2. Collect or use the Information limited to necessary purposes and by fair and lawful means;

  3. Specify the purpose, method and scope of collection and use of the Information;

  4. Comply with laws, regulations and agreements with concerned citizens;

  5. Publicize its policies on collection and use of the Information;

  6. Keep strictly confidential the Information that they have collected during the operations and not disclose, alter, destroy, sell or provide such Information via other illegal methods to others; and

  7. Adopt technical and other necessary measures to ensure security of the Information and make remedies in a timely manner in case that disclosure, destroy or lose of the Information has occurred or may occur.

The above requirements are also specified in the Draft Regulations, under which the telecommunications business operators and Internet information service providers are subject to the same rules when collecting or using personal information. In addition, more detailed measurement shall be adopted, such as information review, safe storage, risk evaluation, etc.

3. Administration

According to the Decisions, Internet service providers shall strengthen the administration of the Information publicized by Internet users on the Internet, shall stop transmitting and delete any information prohibited by laws or regulations, and shall retain relevant records and report to competent authorities.

Moreover, during the process of providing network access services or information publication services, the Internet service providers shall request the users to provide their true identity information when signing service agreements or confirming provision of services with such users.

The true identity registration requirements are further clarified in the Draft Provisions. Once taking effect, phone users, including individuals and entities, shall provide true and effective identity certificates to telecommunication business operators when going through network access formalities.

4. Citizens’ Rights

The Decisions address the commercial use of electronic information. The information may not be delivered to any fixed phones, mobile phones or personal mailboxes, without first receiving the receiver's consent. In order to secure personal privacy, if citizens discover any infringement of their legitimate rights with respect to the Information, including disclosure of personal identity information or spreading of their personal information, they are entitled to require Internet service providers to delete related information or take other necessary actions to stop such encroachments, as well as bring lawsuits to the people’s court.

Conclusion

As the first national regulation specialized in personal information protection, the effective Decisions and may-take-effect Draft Regulations and Draft Provisions mark a great step by Chinese authorities to promote personal information security, and may form the foundation of a more comprehensive and legally binding data privacy legislation in the future.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume III, Number 204
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

George Qi, Greenberg Traurig Law Firm, Shanghai, Corporate and Finance Law Attorney
Shareholder

George Qi is the Co-Managing Shareholder in the firm's Shanghai office. He practices primarily in China-related cross- border mergers and acquisitions, foreign direct investment and general corporate matters. He also has wide- ranging experience advising both U.S. and non-U.S. companies relating to internal investigations of FCPA or other regulatory violations.

Areas of Concentration

  • Corporate

  • Compliance

  • Foreign Corrupt Practices Act...

86021-6391-6633
Dawn (Dan) Zhang, Greenberg Traurig Law Firm, Shanghai, Corporate Law Attorney
Shareholder

Dawn (Dan) Zhang is Co-Managing Shareholder of the Shanghai Office and has broad experience advising clients on China-related cross-border mergers and acquisitions, restructuring, joint ventures, funds, and general corporate matters. Before joining Greenberg Traurig, Dawn practiced in other international law firms for many years and served as the PRC legal counsel for a multinational corporation, where she handled a wide variety of corporate matters for public and emerging growth companies. Dawn passed the national PRC judicial qualification examination in 1998 and is...

8621-6391-6633
Advertisement
Advertisement
Advertisement