Privacy & Information Security Law Blog

On August 8, 2014, a court in Shanghai found a foreign couple guilty of illegal collection of personal information. British national Peter Humphrey was sentenced to two and a half years of imprisonment and a fine of RMB 200,000, and his wife was sentenced to two years of imprisonment and a fine of RMB 150,000. In addition, Humphrey will be deported after serving his term.

According to Chinese press reports, the defendants established a company in Hong Kong called ChinaWhys Co., Ltd. in 2003 and a company in Shanghai called Shelian Consultancy (Shanghai) Co., Ltd. in 2004. Using these company names, the defendants investigated many businesses and individuals for their clients, which mainly consisted of Chinese subsidiaries of multinational companies. The defendants purchased various types of personal information of Chinese citizens and used the information to prepare investigative reports, which they then sold to their clients.

This verdict, while newsworthy because of the involvement of foreign defendants, does not really break new legal ground in China. We have previously reported on amendments to the P.R.C. Criminal Law that established criminal penalties for improper sales, provision and collection of personal data. We also have reported on criminal sentences in cases involving the sale of personal data. The legal theories and arguments advanced in this case are well-established and not considered “grey areas” in Chinese law. For instance, foreign-related social and market investigations are subject to strict regulations, and the collection of personal information must be conducted carefully to comply with the law. In this case, the court rejected the defendants’ argument that their illegal investigation was justified because they undertook their actions for legal objectives.

There are other ways, however, in which the verdict may break new ground or lead to new practices. This case is reportedly the first in China involving a foreign (or at least Western) defendant found guilty of illegal collection of personal information. It is also worth noting that the defendants were arrested in August 2013, not long after one of their prominent clients came under investigation by the Chinese government for alleged bribery. Reportedly, this case is merely a small part of that larger bribery investigation.

The verdict will have an impact on business practices involving due diligence investigations, especially those performed for international firms. In an article published by The Wall Street Journal about the verdict, Hunton & Williams Partner Manuel Maisog noted that “It’s not just that the tactical business practices need to change, it’s the mind-set.” The verdict also may make senior business officers apprehensive about using this kind of investigative service to obtain information about their business partners or employees. While the lasting impact of this verdict will most probably unfold over the coming months or years, the old business models used by investigatory firms hired to conduct due diligence have become far riskier, and now can only be employed, if at all, with great caution.