Legislation
CAC Publishes Notification Guidelines for Security Assessment on Cross-border Data Transfer (1st Edition)
On August 31, 2022, in order to guide data handlers to declare outbound data transfer security assessment orderly, the Cyberspace Administration of China ("CAC") has promulgated the Notification Guidelines for Security Assessment on Cross-border Data Transfer (the 1st Edition),which explains the specific requirements on the declaration method, declaration process and declaration materials for outbound data transfer security assessment. 1
SPC, SPP and MOPS Jointly Publish Opinions on Several Issues Concerning the Application of Criminal Procedures for Cyber Crime Cases
On August 30, the Supreme People's Court ("SPC"), the Supreme People's Procuratorate ("SPP"), and the Ministry of Public Security ("MOPS") jointly publishes the Opinions on Several Issues Concerning the Application of Criminal Procedures for Cyber Crime Cases. The main contents of the opinion include: (i) further regulating the jurisdiction of cyber-crime cases; (ii) further regulating the taking of evidence in cyber-crime cases; (iii) further regulating the examination of evidence in cyber-crime cases; and (iv) further regulating the handling of property involved in cyber-crime cases. 2
Shanghai Economy and Information Technology Commission Publishes Measures for the Administration of Information Infrastructure in Shanghai (Exposure Draft)
On August 29, to promote the construction of information infrastructure, safeguard the security of information infrastructure, and support the development of informatization and digital transformation needs in Shanghai, the Shanghai Economy and Information Technology Commission formed the Measures for the Administration of Information Infrastructure in Shanghai (Exposure Draft) which is now open to public comments. 3
Department of Industry and Information Technology of Guangdong Province Issues Guide to Building Chief Data Officers for Guangdong Enterprises
On August 24, to build a high-end talent team for data management, fully exploit the value of data resources, promote the digital transformation of enterprises, and facilitate the high-quality development of the province's digital economy, the Department of Industry and Information Technology of Guangdong Province notified that the Guide to Building Chief Data Officers for Guangdong Enterprises was issued to all administrative departments in Guangdong Province. 4
MOT Publishes Administrative Measures for Protection on Critical Information Infrastructure on Highway and Waterway (Draft for Comment)
On August 23, to regulate the management of the protection of critical information infrastructures ("CII") on highways and waterways and to implement the responsibility for CII protection, the Ministry of Transport ("MOT") drafted the Administrative Measures for Protection on Critical Information Infrastructure on Highway and Waterway (Draft for Comment) which is now open to public comments. 5
National Health Commission and Other Departments Jointly Publishes Administrative Measures for Cybersecurity of Medical and Health Institutions
On August 8, to guide healthcare institutions to strengthen the cyber security management, the National Health Commission, the National Administration of Traditional Chinese Medicine and the National Administration of Disease Prevention and Control formulated the Administrative Measures for Cybersecurity of Medical and Health Institutions.6
Enforcement Authority
Personal Information Protection Forum of China Internet Civilization Conference in 2022 held in Tianjin
On August 29, 2022, the Personal Information Protection Forum of China Internet Civilization Conference in 2022 was held in Tianjin. With the theme of "Better personal information protection, better internet civilization", the forum aims to focus on personal information protection in the process of building internet civilization, showcase theoretical achievements and innovation in personal information protection, discuss and exchange cooperative governance mechanisms, and promote the rule of law in personal information protection in the construction of digital civilization. 7
China to Establish Authoritative and Trusted Digital Identity Blockchain System
On August 25, "Research and application of digital identity blockchain technology based on legal certifications" which is in the "Bounty List" of National Key Research and Development Program, led by the Institute I of the Ministry of Public Security ("MOPS"), was officially launched and implemented. As the underlying blockchain platform, "Chang'an Chain" will support the construction of a high-performance distributed digital identity structure and provide technical support for the construction of a credible digital identity system in China. 8
Shanghai Data Exchange Takes Lead of Setting up Digital Asset Section
On August 24, the "Shanghai City Digital Transformation Experience Week" was officially held. At the event, as the key infrastructure for Shanghai's digital transformation and important achievement in the construction of data element market, Shanghai Data Exchange was the first in China to set up digital asset section, reconstructing the digital asset system and creating a new model of deep integration between digital assets and the real economy. On the same day, the Shanghai Data Exchange, together with Huayi Group's state-owned brand "WARRIOR" and the first issuance platform of digital assets "Bilibili", premiered the digital asset "WARRIOR DESIGN - First Year". 9
Shanghai Holds Meeting on Data Classification and Grading and Formulating Catalogs of Important Data by Pilot Working Group
On August 24, Shanghai cyberspace administration and the General Office of the Municipal Government ("pilot working group") organized about 50 people of 16 pilot organizations to hold a meeting on data classification and grading and formulating catalogs of important data. The meeting introduced the plan of the pilot working and mentioned specific work requirements. In the next step, the pilot working group will further strengthen the co-ordination to enhance the level of data security protection in the city. 10
Guangdong Provincial Postal Administration Joins Relevant Departments to Supervise Governance of Personal Information Security in Postal and Express Sector
On August 24, the Guangdong Provincial Postal Administration joins the Provincial Public Security Department and Provincial Cyberspace Administration, carried out a provincial supervision and inspection in Guangzhou on the in-depth promotion of the governance of personal information security in the postal and express sector. The Steering Group held a meeting to listen to the report on the governance of personal information security from major express enterprises such as Sto Express Co., Ltd., YTO Express Group Co., Ltd., ZTO Express Co., Ltd., and to deploy the next stage of work. 11
MIIT Organized More than 300 Industrial Enterprises Conducts Data Security Management Pilots
On August 19, Shaoqing Zhou, the top level inspector of the Ministry of Industry and Information Technology ("MIIT"), announced at a news conference that the MIIT has been in the industrial region, organizing more than 300 industrial enterprises in 15 provinces to carry out data security management pilots and keep exploring the construction of data management governance model. 12
CAC States More than 20 Enterprises to Go Public Abroad Declared Cybersecurity Review
On August 19, the CAC stated: to meet the requirements of the Cybersecurity Law of the People's Republic of China ("CSL"), the Data Security Law of the People's Republic of China ("DSL"), the Personal Information Protection Law of the People's Republic of China ("PIPL") and other regulations, the relevant departments of the CAC have revised the Cybersecurity Review Measures. Since the revision and implementation of Cybersecurity Review Measures on February 15, 2022, more than 20 companies planning to go public abroad have declared to the Office of Cybersecurity Review. 13
CAC Announces Filing Information on Internet Information Service Algorithm System
On August 12, according to the Administrative Provisions on Algorithm Recommendation for Internet Information Services, the CAC announces the names and filing numbers of domestic Internet information service algorithms, and the relevant information can be checked through the internet information service algorithm filing system. 14
6 Cities to Carry out Pilots of High-Precision Maps for Intelligent Connected Vehicles
On August 2, the Ministry of Natural Resources issued the Notice on Relative Work to the Pilots of High-Precision Maps for Smart Vehicles, in which six cities, namely Beijing, Shanghai, Guangzhou, Shenzhen, Hangzhou and Chongqing, will conduct the action to form a technical path and demonstration model for the safe application of maps related to autonomous driving that can be replicated and promoted nationwide. 15
CAC Publishes Report of the Digital China Development (2021)
On August 2, to implement the important deployment of the Party Central Committee and the State Council on building Digital China, and to further implement the strategic plans in digitalization, the CAC, together with relevant departments, tracked and monitored the digital development of various regions and sectors, carried out the assessment of digital development in China, and completed the Report of the Digital China Development (2021). The report summarizes the remarkable achievements made in the construction of Digital China since the 19th Communist Party of China National Congress and the important progress and effectiveness in 2021, assesses the level of digital development in various regions in 2021, and provides an outlook for the construction of Digital China in 2022. 16
Enforcement Cases
MIIT Notifies 47 APPs and SDKs Infringing on Rights of Users
On August 26, 2022, the MIIT organized third-party testing agencies to review mobile APPs and SDKs that are of concern to the public, such as hotels and restaurants, applications for minors, and put forward rectification requirements for a total of 227 APPs (SDKs) found to be infringing on users' rights and notified 47 APPs (SDKs) that had not completed rectification as required. 17
Shanghai Communications Administration Notifies 127 APPs Infringing Users Rights and Interests
On August 22, in accordance with the PIPL, the CSL, the Telecommunications Regulations, and the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, etc., the Shanghai Communications Administration organized third-party testing agencies to review APPs for infringement of rights of users and ordered 127 APPs related to "collecting personal information in violation of regulations", "illegal use of personal information" and "deceiving and misleading users to download Apps" with rectification requirements. 18
CAC Interviews 3,491 Websites and Platforms and Fines 283 Websites in 1st Half of 2022
On August 19, Yibing Niu, the news spokesman of the CAC, announces that to promote the rule of law in cyber region, the national network system in the first half of 2022, interviewed 3,491 websites legally, fined 283 websites, suspended the functions or updates of 419 websites, removed 177 mobile applications, canceled the license or recordation, and closed 12,292 illegal websites in conjunction with the telecommunications administrations. 19
Shanghai Communications Administration Notifies 18 Companies Failed to Implement Rectification on Cybersecurity Protection on Schedule
On August 15, the Shanghai Communications Administration inspected 6 companies and found that they had failed to implement their responsibilities for the management of cybersecurity protection. At the same time, the 22 rated systems of 18 companies failed to implement the rectification requirements of communication network security protection management on schedule. The notification states that the above-mentioned companies should implement the rectification work by 15 September 2022 (within 30 days from the date of publication of the notification). 20
Jiangsu Launches Cybersecurity Operation to Identify Data Security Risks in 3 Types of Enterprises
On August 11, the special action of cyber and data security review in telecommunication industry in Jiangsu Province was officially launched. The target objects of this action involve three types of enterprises, including four basic telecommunication enterprises, 100 provincial Internet enterprises and 200 industrial Internet enterprises. At the end of the review, the Provincial Communications Administration will organize comments, notify problems, and supervise rectification. 21
Shanghai Consumer Council States Banking APPs Shall Collect Users' Data on "Health and Fitness" in Clearer and More Explicit Approach
On August 9, China's Industrial Bank ("CIB") responded to the topic of "the CIB APP monitors the heart rate and step count of users", stating that the permission is not opened by default, and only when the customer intends to participate in the "Walk" activity will the application for the relevant permission appear. The information will only be obtained with the customer's consent. If the customer does not agree, it does not affect the use of other functions of the CIB APP. The Shanghai Consumer Council pointed out that although users' disagreement will not affect the online financial services of the CIB APP, it hoped that CIB would clearly and explicitly inform consumers of the purpose of requesting data on their health status and fitness activities, which could otherwise easily lead to questions. 22
CAC Concentrates on Rectifying Chaos of Speculation Involving Virtual Currencies
On August 9, the CAC stated: in accordance with the spirit of the Notice on Further Preventing and Dealing with Speculation Risks in Virtual Currency Trading, the CAC has urged and guided major websites to effectively implement their main responsibilities, continue to maintain a high pressure against speculation in virtual currency trading, and increase efforts in self-correction of information and accounts on inducement of investment in virtual currency. The website platforms, such as Sina Weibo and Baidu, closed 12,000 offending accounts and cleaned up more than 51,000 pieces of offending information according to their user agreements. 23
CAC Publishes Typical Cases of Telecommunication and Cyber Fraud Involving Minors
On August 9, the officers of the CAC stated based on the action brought by CAC and the MOPS during the summer holiday including cleaning up the online fraud-related harmful information, accurately reminding the potentially deceived people, strictly punishing the lawbreakers, maintaining the safety of minors' property and mental health, that the websites fulfill their responsibilities of information management, and play an important role in disposing fraud-related harmful information, and rectifying telecommunications and cyber fraud. But at the same time, some websites and platforms fail to recognize their responsibilities and improve their system and mechanism. To improve people's ability to know and prevent fraud, especially minors, therefore some typical cases are published. 24
CBIRC Launches Special Rectification to Change Banking and Insurance Institutions' Infringement of Rights and Interests of Personal Information
On August 8, the China Banking and Insurance Regulatory Commission ("CBIRC") issued the Notice on Special Rectification of Irregularities of Banking and Insurance Institutions Infringing upon Personal Information Rights and Interests to all CBIRC local bureaus, banking and insurance institutions, etc., requiring a comprehensive inventory and investigation of problems and loopholes in the protection of personal information in the banking and insurance industry, in-depth rectification of the chaos of infringing on the rights and interests of consumers' information, and supervising banking and insurance institutions to establish or upgrade the working mechanism for the protection of consumers' personal information, etc. 25
Zhejiang Communications Administration Announces APPs that Violate Rights and Interests of Users
On August 3, the Zhejiang Communications Administration stated that it had commissioned third-party testing agencies to test 50 mobile phone applications, of which 42 APPs had problems related to "collecting personal information in violation of regulations", "collecting personal information beyond the scope", "illegal use of personal information", "forcing users to use directional push functions", etc. The Zhejiang Communications Administration has ordered in writing that the problematic APPs and related enterprises rectify the situation within a certain period. 26
Police of Haizhu City in Guangzhou Punishes 21 Companies for Using APPs to Collect Personal Information in Violation of Regulations
On August 3, to further strengthen the protection of personal information, the police of Haizhu City in Guangzhou concentrated on special rectification activities for collection of personal information in violation of regulations by APPs to carry out comprehensive enforcement reviews on organizations and enterprises providing mobile Internet services, and punished 21 enterprises for their non-compliance in accordance with the law. 27
MIIT Announces Quality of Telecommunications Services in 2nd Quarter of 2022: Tested 570,000 APPs and Ordered Rectification on 358 APPs
On August 2, in accordance with the Telecommunications Regulations of the People's Republic of China, the MIIT notified the quality of the telecommunications services in the second quarter of 2022. Among them, the MIIT organized testing of 570,000 APPs, ordered 358 APPs to be rectified and publicly notified 121APPs. 28
Guangdong Communications Administration Conducts Cybersecurity Review on Xiaopeng Automotive and GAC Toyota's Internet of Vehicles
On August 2, to implement the requirements of the CSL, and the Several Provisions on Automotive Data Security Management (for Trial Implementation), etc., according to the unified work deployment of the MIIT, Guangdong Communications Administration organized experts from the China Center for Information Industry Development ("CCID") and China Academy of Information and Communications Technology ("CAICT"), to carry out a week-long cybersecurity review on Guangzhou Xiaopeng Automotive Technology Co., Ltd. and GAC Toyota Motor Co., Ltd. The review focused on two major aspects: one is the safety of the Internet of Vehicles service platform, and the other is the data safety of Internet of Vehicles. 29
Shanghai Strengthens Control on APPs With More Than 5 million Downloads/Installs and to Adopt Stricter Regulations From August
On August 1, in continuation of the Notice of the Ministry of Industry and Information Technology on Launching the Action for Improvements to the Perception of Information and Communications Services issued in November 2021, the Shanghai Communications Administration will focus on APPs (including new forms such as rapid applications and mini programs) with more than 5 million downloads/installations within a single domestic application market. In fact, mobile APPs have been the subject of regulations several times in recent years, with the Administrative Provisions on Mobile Internet Applications Information Services having been released in June 2022 and coming into effect from August 1, 2022. 30
Courts Litigation
Hangzhou Internet Court Releases "10 Typical Cases of Data and Algorithms" and "10 Typical Cases of Personal Information Protection" on its 5th Anniversary
In August, 2022, Hangzhou Internet Court selected 10 typical cases closely related to data or algorithms to be released on the 5th anniversary of its establishment, which involved areas such as the legal attributes and the protection of data products, and the boundary of legality of commercial use of public data. To focus on the highlighted issues and public concern regarding personal information protection, Hangzhou Internet Court selected and released 10 typical cases closely related to personal information protection as well. One of the typical cases is that a short video APP operated by a technology company infringed the personal information of massive unspecified children. On 11 March 2021, the Hangzhou Internet Court made a civil mediation, in which the technology company stopped the infringement, apologized, and compensated damages of RMB 1.5 million for the reconstruction of children's personal information protection, and rectified the short video APP platform. 31
Court Rules Use of "Crawler" Software by 9 People to Obtain Mobile Phone Numbers of Operators Constitutes Crime of Infringement Upon Citizens' Personal Information
Since March 2021, Mr. Zhao and others wrote crawler tools and B software for profit, and used the software to illegally obtain the personal mobile phone numbers of operators of newly registered companies in the region by accessing the websites of industrial and commercial bureaus. On August 19, the court held that Mr. Zhang and eight others sold personal information of citizens to others in violation of the relevant regulations, and their acts have constituted the crime of infringement upon citizens' personal information. 32
Court Rules Disclosure of Personal Information in Indictment without Consent Constitutes Infringement
On August 16, the court responded to a case in which a property owner sued the committee of property owners for infringement of privacy rights, as to whether the disclosure of personal information in indictments without consent constitutes infringement. The court held that personal information such as identity card number, date of birth, place of residence, telephone number and other personal information contained in the indictment is sensitive information, which is related to peace of personal life and may endanger personal and property safety if leaked or misused, and is private and confidential information, which shall be included in the scope of privacy right protection, and therefore, the above-mentioned behavior constitutes infringement of privacy right. 33
Court Rules Sale of Personal Information to Others Constitutes Crime of Infringement Upon Citizens' Personal Information and Liable for Public Compensation
On August 10, Jiangshan Intermediate People's Court of Zhejiang Province concluded a case of public interest civil litigation collateral to a criminal proceeding for infringement of citizens' personal information. The defendant, Li, was sentenced in the first instance to seven months' imprisonment, suspended for one year and one month, confiscated the illegal proceeds and fined for agreeing to a friend's request to sell the property owner's information obtained when joining a real estate company for profit, while the court ordered Li to bear public compensation of RMB 16,500 and to publicly apologize in the media above the municipal level. 34
SPP Releases Typical Cases Related to Data Compliance of Internet Companies
On August 10, the SPP released the third batch of typical cases related to data compliance of internet companies, which is also the first time that typical cases were released after the SPP deployed nationwide pilots of data compliance for enterprises involved in cases in April. The typical cases were selected from the cases recently completed by the procuratorial authorities, taking into full consideration the characteristics of different types of enterprises, including large, medium-sized, and small and micro enterprises. The cases are not only including the specific compliance system for large and medium-sized enterprises, but also include the simplified compliance system for small and micro enterprises, making the typical cases more representative. 35
Dentons Team
Dentons Holds Off-line Sharing Conference on Data Compliance in Beijing
On August 10, 2022, under the background of the introduction of the Security Assessment Measures for Cross-border Transfer of Data, Provisions on Standard Contracts for Cross-border Transfer of Personal Information(Draft for Comment) and the Cybersecurity Standards Practice Guide ——Security Certification Standard for Cross-border Processing Activities of Personal Information, Dentons lawyers held an offline seminar in Beijing on the theme of "New Regulations on Cross-border Transfer of Data: Interpretation of Legislation and Response in Practice", with guest speakers including Ke Xu, Executive Director of the Digital Economy and Legal Innovation Research Center of the University of International Business and Economics, Jet Deng, Senior Partner of Dentons Beijing, and Ken Dai, Partner of Dentons Shanghai.36
Footnotes
1 http://www.cac.gov.cn/2022-08/31/c_1663568169996202.htm
2 https://www.spp.gov.cn/spp/xwfbh/wsfbt/202208/t20220830_575301.shtml#1
3 http://www.sheitc.sh.gov.cn/gg/20220817/a15a0885a77d4dbca51a7e740d8a926c.html
4 https://mp.weixin.qq.com/s/G9k4AjDwUIVhJF8PpE8HAg?scene=25#wechat_redirect
5 https://www.mot.gov.cn/yijianzhengji/dangqianzhengji/202208/t20220823_3669717.html
6 http://www.nhc.gov.cn/guihuaxxs/s10743/202208/50e2ef41b7554ae894053bcac32b79f0.shtml
7 http://www.cac.gov.cn/2022-08/31/c_1663567296562726.htm
8 https://mp.weixin.qq.com/s/PaK0I5kCIEF5v3dfvXSRbg?scene=25#wechat_redirect
9 https://mp.weixin.qq.com/s/eMRbEJQzAwnk_TdYz_OYCA?scene=25#wechat_redirect
10 https://mp.weixin.qq.com/s/RTPL2Lry8wpLtBKEdO8giw?scene=25#wechat_redirect
11 https://www.spb.gov.cn/gjyzj/c100015/c100016/202208/c65adf1ca12f45a396f760e2606f965f.shtml
12 https://news.youth.cn/gn/202208/t20220819_13934128.htm
13 http://news.cyol.com/gb/articles/2022-08/19/content_Oo6KmIWya.html
14 http://www.cac.gov.cn/2022-08/12/c_1661927474338504.htm
15 https://www.mnr.gov.cn/dt/ywbb/202208/t20220802_2743109.html
16 http://www.cac.gov.cn/2022-08/02/c_1661066515613920.htm
17 https://mp.weixin.qq.com/s/1ZdnivGpVGJGG7_nw7EbAA?scene=25#wechat_redirect
18 https://mp.weixin.qq.com/s/dwlCkGjeRQRGf23xyvT7fw?scene=25#wechat_redirect
19 https://china.huanqiu.com/article/49IgeRcZHNK
20 https://china.huanqiu.com/article/49FiYxGNxh8
21 http://js.people.com.cn/n2/2022/0812/c360303-40077241.html
22 https://mp.weixin.qq.com/s/prtw-ntdgRB7M8Xf4hLHHg?scene=25#wechat_redirect
23 https://mp.weixin.qq.com/s/gpOkKXocfzDBE8vhNQOQDA?scene=25#wechat_redirect
24 http://www.cac.gov.cn/2022-08/08/c_1661598811963807.htm
25 https://m.thepaper.cn/newsDetail_forward_19392283
26 https://zjca.miit.gov.cn/zwgk/tzgg/art/2022/art_16c19b470d0b4c65931f4a7f81653029.html
28 https://www.miit.gov.cn/zwgk/zcwj/wjfb/tg/art/2022/art_281d5b2df5f249e3a1ac88db9fcf43c3.html
29 https://gdca.miit.gov.cn/xwdt/gzdt/art/2022/art_40d6b634664248d0b982470b98ab273e.html
30 http://www.21jingji.com/article/20220801/herald/3460406360e98054a415453eb50db210.html
31 https://mp.weixin.qq.com/s/w06mB72p9V_asia3Vijt5A?scene=25#wechat_redirect, https://mp.weixin.qq.com/s/82rYeUUmNzCgehKjY4ifhA
32 https://news.sina.cn/gn/2022-08-17/detail-imizmscv6538401.d.html
33 https://www.chinacourt.org/article/detail/2022/08/id/6852195.shtml
34 http://rmfyb.chinacourt.org/paper/html/2022-08/11/content_219842.htm?div=-1
35 https://www.spp.gov.cn/spp/xwfbh/wsfbt/202208/t20220810_570413.shtml#1
36 https://mp.weixin.qq.com/s/YLY0acSs2n3DPD3lCWleGw
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
