Privacy & Information Security Law Blog

On March 15, 2021, China’s State Administration for Market Regulation (“SAMR”) issued Measures for the Supervision and Administration of Online Transactions (the “Measures”) (in Chinese). The Measures implement rules for the E-commerce Law of China and provide specific rules for addressing registration of an online operation entity, supervision of new business models (such as social e-commerce and livestreaming), platform operators’ responsibilities, protection of consumers’ rights and protection of personal information.

Highlighted below are provisions on the protection of personal information and of consumers’ rights.

Protection of Personal Information

The online transaction operator is prohibited from adopting one-time general authorization, implied authorization and bundled authorization, as well as from stopping installation, or using other means, to force consumers to consent to providing information not directly related to its business operation. In other words, where the online transaction operator intends to request that customers provide information not directly related to its business operation, the operator must obtain separate consent from consumers.

In addition, the online transaction operator must obtain separate consent from customers on an individual basis in cases of the collection and use of sensitive personal information, such as personal biometric information, healthcare information, financial account information and personal whereabouts. In practice, online transaction operators may consider using separate check boxes or pop ups to obtain consent for the collection and use of this sensitive information.

Additionally, the online transaction operator is prohibited from sending commercial information without the consumer’s request or consent. While sending commercial information, the online transaction operator must expressly provide its identity and contact information along with a way for consumers to reject receipt of this information via a prominent, simple and free method.

Protection of Consumers’ Rights

The online transaction operator must provide notice to consumers in a prominent way if tied-in sales of goods or services are provided, either directly in a bundle or with multiple options available. Where the customers are provided with multiple options, the online transaction operator is prohibited from inferring implied consent from any choice regarding a tied-in sale of goods or services. Consenting to the selection of items in one transaction does not automatically establish consent to their selection in subsequent transactions.

In terms of automatic renewals, before consumers accept a service, the online transaction operator must notify consumers of the renewal in a prominent way five days prior to the date of automatic renewal and allow consumers to choose whether to renew the service. The online transaction operator also must provide consumers a prominent and simple option for cancellation and alteration of an automatic renewal and must not charge an unreasonable fee for the renewal.

In addition, the Measures stipulate contents that may not be contained in standard terms, notifications and statements used for the provision of merchandise or services, including the (1) elimination or restriction of repairs, exchanges, returns, compensation, liquidated damages and other reasonable damages; (2) elimination or restriction of complaints and reports, requesting mediation or filing arbitrations or law suits; (3) elimination or restriction of the amendment or cancellation of contracts; and (4) terms stating that the online transaction operator is entitled to the unilateral right of interpretation or right of ultimate interpretation.

The Measures will be effective as of May 1, 2021.