These Measures flesh out China's Consumer Rights Protection
Law (CRPL) which was amended in March 2014 and provides guidance as
to how companies may collect, use and protect personal information
The Measures helpfully defines "consumer personal
information", which the amendments to the CRPL had failed to
do, as "information collected by an enterprise operator
during the sale of products or provision of services, that can,
singly or in combination with other information, identify a
Examples of consumer personal information provide additional
clarity, such as information which refers to a consumer's name,
gender, occupation, birth date, identification card number,
residential address, contact information, income and financial
status, health status, and consumer status. This definition is a
welcome addition in the midst of China's patchwork of privacy
rules and regulations.
Violations of the Measures may result in significant penalties.
The Measures state that the SAIC and its local Administrations of
Industry and Commerce may impose a fine of up to RMB 500,000 if
there are no illegal earnings. In the event that there are illegal
earnings, however, they may issues fines of up to 10 times the
amount of the illegal earnings and confiscate all illegal
It is hoped that these new Measures (in combination with the
CRPL) will help to repair consumer trust in Chinese companies, and
protect the improper use, disclosure and sale of consumers'
personal information in the country.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On 12 August 2016, the Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, the Inspection and Quarantine of China (GAQSIQ), and the Standardisation Administration of China (SAC) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the "Guidelines").
On July 21, the Personal Data Protection Commission ("PDPC") imposed a $5,000 fine on Toh-Shi Printing Singapore for its failure to implement proper and adequate verification procedures...
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).