ARTICLE
29 April 2013

China Enhances Personal Information Protection

KW
King & Wood Mallesons

Contributor

King & Wood Mallesons logo

A firm born in Asia, underpinned by world class capability. With over 3,700 lawyers in 26 global locations, we draw from our Western and Eastern perspectives to deliver incisive counsel.

We are focused on our clients – people and organisations with distinctive ambitions and challenges. We are driven to understand your needs, solve your problems and unearth the right opportunities for you. Whether you're expanding globally or strengthening locally, our service style is dynamic, insightful, and tailored for you.

Explore Firm Details
These new moves show that China has taken the significant first step towards enhancing personal information protection.
China Privacy
King & Wood Mallesons are most popular:
  • within Strategy, Environment, Government and Public Sector topic(s)
  • with readers working within the Media & Information industries

China's first national standard on personal information protection, namely the Guide of Personal Information Protection on Information Security Technology, Public and Commercial Information Service System (the "Guide") became effective on February 1, 2013. Only about one month earlier, the Decision on Strengthening Online Information Protection (the "Decision") was adopted by Standing Committee of the National People's Congress on December 28, 2012 and became effective on the same day. Both of the moves show that China has taken the significant first step on enhancing personal information protection.

The Decision, which has the force of law, provides fairly broad guiding principles and requirements for not only the internet service providers but also other entities in collecting and using personal electronic information, such as, explicitly indicating the purpose, manner and scope of collecting and using such information and obtaining the consent of the citizen whose information is collected, publishing their policies for collecting and using such information, not divulging, distorting or destroying such information, and not selling or illegally providing others with such information, and etc. In very general terms, violators may face penalties including, but not limited to, warnings, fines, confiscation of illegal gains, license revocations, filing cancellations and website closures. Responsible individuals can potentially be subject to a ban on engaging in web-related business activities, as well as administrative, civil and even criminal punishments.

The Guide, although it lacks the force of law, still represents a significant step forward in the fight for personal information protection in China and serves as an important guidepost for China's future lawmaking. According to the Guide, handling (including collecting, processing, transferring and deleting) of personal information must be for specific, clear and reasonable purposes, and should be subject to the permission of the individual who has been well-informed. Such information should be deleted once its intended use has been fulfilled. In addition, express consent of the individual concerned is required when transferring his or her personal information outside of China.

Both the Decision and the Guide take a relatively restrictive position on the transfer of personal information between data processors and could create difficulties for multinational corporations relying on third party data processing companies or routinely sharing information between affiliates. Additionally, companies will need to pay more attention to their compliance of business activities under e-commerce environments.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More