Privacy & Information Security Law Blog

On January 5, 2015, the State Administration for Industry and Commerce of the People’s Republic of China published its Measures for the Punishment of Conduct Infringing the Rights and Interests of Consumers (the “Measures”). The Measures contain a number of provisions defining circumstances or actions under which enterprise operators may be deemed to have infringed the rights or interests of consumers. These provisions are consistent with the basic rules in the currently effective P.R.C. Law on the Protection of Consumer Rights and Interests (“Consumer Protection Law”). The Measures will take effect on March 15, 2015.

Article 11 of the Measures provides a list of actions that enterprise operators may not undertake because they infringe upon the personal information of consumers. In October 2013, we reported on the amendment to the Consumer Protection Law which extended the protections of personal information to consumer personal information. The list provided in Article 11 of the Measures is similar in concept to the amendment to the Consumer Protection Law.

Although the list itself does not contain any surprises, Article 11 is nevertheless potentially an important development because it provides a definition of “consumer personal information.” (The amendment to the Consumer Protection Law omitted a definition of this term.) According to Article 11, “consumer personal information” refers to “information collected by an enterprise operator during the sale of products or provision of services, that can, singly or in combination with other information, identify a consumer.” Article 11 also provides a list of specific examples of “consumer personal information,” including a consumer’s “name, gender, occupation, birth date, identification card number, residential address, contact information, income and financial status, health status, and consumer status.”

While this definition applies only in relation to consumer personal information, it is an instructive milestone in the continuing emergence of China’s sector-by-sector patchwork of rules and regulations governing the collection and use of personal information.