Privacy & Information Security Law Blog

On July 16, 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) issued a new rule entitled Provisions on the Protection of Personal Information of Telecommunications and Internet Users (the “Provisions”). The Provisions, which will take effect on September 1, 2013, are intended to implement the general requirements set forth in last December’s Resolution of the Standing Committee of the National People’s Congress Relating to Strengthening the Protection of Information on the Internet (the “Resolution”). The Provisions are the first specific regulations concerning personal information protection by telecommunications service providers in China.

The Provisions apply to services carried out by telecommunications service providers (“TSPs”) and Internet information service providers (“IISPs”) in China, imposing requirements on the collection and use of personal information by TSPs and IISPs. In April 2013, the MIIT issued a draft of the Provisions and solicited public comment.

The Provisions’ requirements contemplate international data protection concepts and reflect an intention to import and apply these concepts in China. The term “user’s personal information” is defined as any information collected during the provision of telecommunications or Internet information services that would identify the user if used alone, or in combination with any other information. The Provisions impose a number of international standard requirements on the collection and use of user personal information obtained in the course of providing the relevant services. The requirements include obligations regarding notice, consent, collection limitations, use limitations, access and correction rights, fair and lawful collection, adopting security safeguards and notification in the event of a severe breach incident.

Violations of the Provisions may result in penalties including administrative warning and fines. In certain cases, criminal liability may apply.

In recent years, enhancing the protection of personal information, whether by legislation or other means, has become a widespread social concern in China. The Provisions aim to improve personal information protection systems in the telecommunications and Internet sectors, and to clarify existing applicable rules and security protection measures to help protect users of telecommunications and Internet services.