Privacy & Information Security Law Blog

In April 2013, the People’s Republic of China’s General Office of the National People’s Congress published a draft amendment to the Law on the Protection of Consumer Rights and Interests (the “ Proposed Amendment”) and solicited public comments on the Proposed Amendment until May 31, 2013. The Proposed Amendment includes provisions that affect the collection and use of consumer personal information.

The existing Law on the Protection of Consumer Rights and Interests has been in effect for about 20 years, although there have been vigorous discussions in recent years about amending this law. Proposed amendments have gained momentum due to the frequent occurrences of illegal disclosures of consumer personal information.

The current law provides no mechanisms for preventing or addressing these events. For example, the current law does not contain any provisions that protect the personal information of consumers. The Proposed Amendment would address this omission by providing that:

• consumers are entitled to the protection of their personal information such as their name and image when purchasing goods or receiving services;
• when collecting and using consumers’ personal information, companies must (1) comply with the principles of legality, fairness and necessity; (2) expressly inform the consumer of the purpose, method and scope of such collection and use; (3) publish their policies on the collection and use of personal information; (4) comply with relevant legal requirements and consumers’ preferences; and (5) obtain consumers’ consent to the collection and use of the personal information;
• companies must keep consumers’ personal information confidential, and must not disclose, amend, destroy, sell or illegally provide the consumer personal information to others;
• technical and other measures must be taken by companies to secure consumer personal information, and any destruction or loss of such information must be mitigated; and
• companies are not permitted to send any commercial digital information to any consumer without the consumer’s consent or request, including when the consumer expressly rejects the provision of such information.

The foregoing provisions are not new, but are instead consistent with provisions previously established under the Resolution of the Standing Committee of the National People’s Congress Relating to Strengthening the Protection of Information on the Internet, which was enacted in December 2012. The Proposed Amendment appears to extend existing rules applicable to the Internet information services sector to the realm of consumer protection. Similar provisions have been in effect for several years at the provincial level under provincial consumer protection regulations.

We will provide an update when the final version of the Proposed Amendment is officially enacted by the National People’s Congress.