Privacy & Information Security Law Blog

In April 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) issued a new rule entitled the “Notice on Strengthening the Administration of Networked Smart Mobile Devices” (the “Notice”). This Notice, which will become effective on November 1, 2013, was issued in draft form in June 2012 along with a request for public comment.

The latest version of the Notice generally retains most of what was contained in the original draft, though there are some notable differences. Most significantly, the Notice now covers manufacturers that apply to the MIIT for network-access licenses for their smart mobile networking devices, whereas the original draft would have also applied to entities that purchase customized devices from such manufacturers.

Notably, manufacturers may not pre-install any software on smart mobile networking devices that will:

• collect and modify the user’s personal information without notice to and consent of the user;
• without notice to and consent of the user, enable communication functions that could have adverse consequences (such as the interruption of network information flows, loss of fees or disclosure of information);
• impact the normal functioning of devices or the safe operation of the communications network;
• contain any information prohibited by law; or
• otherwise impact the security of users’ personal information, the legitimate interests of users or network security.

Manufacturers are further required to report to the MIIT when they (1) add pre-installed software, or (2) make changes to the devices’ operating system that would affect the basic security environment required during network access testing.

The Notice comes during a period of rapid development in this industry in China, with an ever-increasing number of entities manufacturing smartphones. At the same time, malicious software affecting smartphones has caused serious damage and attracted widespread attention, highlighting the potential risks associated with the disclosure of personal information caused by software pre-installed on smartphones for free, or included on free smartphones that are given away as part of marketing campaigns. For example, the Chinese media recently reported that smartphones provided by two leading Internet information service providers in China include a number of pre-installed security features and applications, but it is not clear whether this software is safe.

Although the Notice represents a positive development in China’s data protection legal regime, some manufacturers may find it necessary (and costly) to modify their technical and sales strategies to comply with the Notice’s requirementss

Read our previous coverage on the latest developments in China.