[At-Large] China and Personal Data Protection
hongxueipr at gmail.com
Sat Feb 4 01:42:31 UTC 2012
Thanks for sharing this. These New "Regulations" are at the ministerial
administrative regulations, which are not "laws" binding in the judicial
system (but can be of reference whenever necessary). Nonetheless, personal
data protection has long been protected in the Chinese legal system, dating
back the early "administrative regulations" from 1997. ISPs have always
been obligated to protect their users' "privacy", which is a civil right
protected under the Chinese Tort Liability Law. If an ISP illegally
discloses and/or transfers its users' personal data, it should be subject
to criminal liability under the Chinese criminal law. What is missing and
badly needed is a "specific" law or regulation on personal data protection
so as to converge the scattered legal provisions from different sources.
The new regulations merely add another piece on the legal patchwork.
Actually there are quite a few regulations that are going to be effective
or being drafting ("Regulations on Administration of Internet Retails")
have the same function. Anyway, as far as legal protection for personal
data can be improved or enhanced in China, irrespective whether it is in a
small step forward or merely restatement of existing law, it deserves
Dr. Hong Xue
Professor of Law
Director of Institute for the Internet Policy & Law (IIPL)
Beijing Normal University
19 Xin Jie Kou Wai Street
Beijing 100875 China
On Fri, Feb 3, 2012 at 11:06 PM, Carlton Samuels
<carlton.samuels at gmail.com>wrote:
> China has recently issued a regulation entitled “Several Provisions on
> Regulating Market Orders of Internet Information Services” (the “New
> Regulations”) that come into effect on March 15, 2012.
> The regulation explicitly imposes the data protection requirements on their
> Internet information service providers.
> The early report says it is consistent with data protection regimes in play
> elsewhere, including recent EU regulations; to expressly inform the method,
> content, and purpose for collecting and processing personal data in notice
> and consent communiques; stronger protection for the personal data they
> collect; collection limitations; use limitations; custody, remedy and
> breach notification obligations.
> The definition of user personal information in the regulations includes
> both (1) information that independently identifies a user and information
> that may be used to identify a user when combined with other information.
> Here's a very readable outline analysis of what was originally proposed.
> - Carlton
> Carlton A Samuels
> Mobile: 876-818-1799
> *Strategy, Planning, Governance, Assessment & Turnaround*
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> At-Large Official Site: http://atlarge.icann.org
More information about the At-Large