China
Standard Terms of Internet-Trading-Platform Contracts
Address Seller's Liability with Consumer's Personal
Information
On July 30, the State Administration of Industry and Commerce promulgated guidelines (source document in
Chinese) on the Standard Terms of Internet-Trading-Platform
Contracts (Article 10) to provide that, under the standard terms,
the seller cannot preclude its liability with respect to the
security of the consumer's personal information.
Local People's Governments Must Report to Superior
Department if Disclosing Personal Privacy
Information
On August 7, the State Council promulgated interim regulations (source
document in Chinese) on the Disclosure of Enterprise Information
(Article 3) to provide that relevant departments of local
people's governments at or above the county level shall report
to their respective superior competent departments for approval if
the enterprise information to be disclosed by the former implicates
personal privacy.
Personal Information to be Deleted when Publishing
Administrative Penalty Information
On August 19, the State Administration for Industry and Commerce
promulgated interim provisions (source
document in Chinese) on the Publication of Administrative Penalty
Information. Article 6 provides that when publishing administrative
penalty information, the administrations shall delete relevant
personal information.
Chinese Convict British-American Investigators for Selling
Illegally Obtained Personal Information
A Chinese court in Shanghai convicted a British-American couple of
illegally purchasing the personal information of more than 250
Chinese citizens and selling the information to clients. The
couple's company had been hired by GlaxoSmithKline to conduct
an internal investigation at the time of their arrest. The arrest
took place days after the Chinese government publicly alleged that
Glaxo employees had participated in bribery.
Hong Kong
Hong Kong Recruitment Media Pledges to Fight Blind
Recruitment Advertisements
On August 4, six major recruitment media companies
pledged to fight blind recruitment advertisements. Such
advertisements solicit job applicants' personal data without
disclosing the advertisers' identities, in violation of the
Personal Data (Privacy) Ordinance for failing to collect personal
data by lawful and fair means.
Hong Kong Privacy Commissioner Urges Expansion of
Do-Not-Call Registers to Include Person-to-Person
Calls
On August 5, the Privacy Commissioner for Personal Data urged the Administration to expand the do-not-call
registers to include person-to-person calls. The do-not-call
registers allow telephone subscribers to register their telephone
numbers to prevent unsolicited commercial electronic messages.
Japan
Japanese Government Submits Bill for Basic Act of
Cybersecurity
On June 11, a bill (source document in Japanese)—Basic Act of Cybersecurity—was submitted
to the House of Representatives. The bill, aimed at improving
cybersecurity, was passed by the House of Representatives on June
13 and sent to the House of Councillors.
Ministry of Economy, Trade, and Industry Reviews
Ministerial Guidelines on Personal Information Protection
Act
On August 15, the minister of the Ministry of Economy, Trade, and
Industry ("METI") announced that the ministry would
review and revise its ministerial guidelines on the Personal Information
Protection Act. In the wake of a recent massive customer data
breach incident, METI found that the guidelines needed to be
revised in order to reinforce certain security measures to be taken
by companies, including improved control and supervision over data
processing vendors.
Singapore
Singapore Penalizes First Offenders Under New Personal
Data Protection Act
In August, Star Zest Home Tuition and its sole director
became the first offenders penalized under the do-not-call rules of
Singapore's Personal Data Protection Act of 2012 for sending
advertising messages to Singapore phone numbers registered with the
Do Not Call Registry. The agency and director were fined
S$39,000.
Personal Data Protection Commission Publishes Advisory
Guidelines for Education, Health Care, and Social Service
Sectors
On September 11, the Personal Data Protection Commission of
Singapore published three sector-specific advisory guidelines for
the education, health care, and social services sectors
respectively, bringing the total number of advisory guidelines
published to date to five (the other two sectors covered were
telecommunications and real estate agency).
Do Not Call Registry Results Valid for 30
Days
Effective July 2, organizations that compare
internal marketing lists with the Do Not Call Registry can rely on
the results of that registry for up to 30 days (down from the
previous 60 days).
Taiwan
Ministry of Justice Submits Draft Bill to Relax
Requirements Under Communication and Surveillance
Act
The Ministry of Justice submitted a draft bill for the
Executive Yuan (source document in Chinese) to relax the
limitations imposed on prosecutors' requests for communication
records and to allow prosecutors to obtain such records in an
emergency.
Executive Yuan to Submit Bill Authorizing Establishment of
National Communication Safety Technology Center
The Executive Yuan seeks to submit a bill (source document in Chinese)
authorizing the establishment of a National Communication Safety
Technology Center. If such a bill is passed, the Executive Yuan can relocate a technical center
(source document in Chinese) employing approximately 100 people to
the jurisdiction of the Ministry of Science and Technology. The
current proposal is that the National Communication Safety
Technology Center will focus on certain aspects of information
safety in the public and private sectors.
National Communication Commission Aims to Address Issues
Derived from Cross-Strait Serving Trade Agreement
Due to the "China issue," the National Communication
Commission ("NCC") prohibits the use of telecom systems built by PRC
manufacturers and has imposed restrictions on PRC nationals
entering certain telecom equipment rooms. The NCC also has imposed strict rules on capital investments
from the PRC in "Type II Telecommunication" in Taiwan,
requiring PRC companies to first obtain ISO/IEC certification
before making any such investment in Taiwan, preventing them from
removing customer data, sales department and system/equipment to
the PRC, and precluding them from providing computer maintenance to
Taiwanese telecom companies. The NCC aims to provide unified definitions for all services
relating to telecommunication so that the types of investments
allowed under the Cross-Strait Serving Trade Agreement are clearly
defined.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.