China's Internet Data Privacy Regulations 2012: 80 Percent of a Great Leap Forward?
University of New South Wales, Faculty of Law
April 15, 2012
Privacy Laws & Business International Report, Issue 116: 1-5, April 2012
UNSW Law Research Paper No. 2012-13
Internet-based businesses in China have until now not been required to comply with any comprehensive data privacy law, but from March 15, 2012 business providing ‘Internet information services’ in China must comply with a much more comprehensive data privacy law, which can be briefly called the Internet Information Services Regulations. ‘Internet information service provider’ refers to all parties providing information to Internet users over the Internet. The Regulations use a definition that is similar to the definition of personal data used in laws in other countries, and clearly implies that this is broader than information collected from the user, such as information collected from third parties or information generated by the IISP itself from transactions with the user. They are to be enforced by China’s various ‘Telecommunications Authorities’.
The data privacy principles in the Regulations are analyzed here in accordance with the usual division of privacy principles found in such instruments as the OECD Guidelines, and other principles developed since then. They are on the one hand surprisingly comprehensive, but on the other hand have a couple of major omissions. The enforcement methods in the Regulation are diverse, but primarily at the initiative of the Telecommunications Authorities. They do not include civil damages provisions, but these may be provided by other aspects of Chinese law, read in conjunction with these Regulations.
Commentators on China’s Internet industry expect that these Regulations will be actively enforced, in part as a result of a string of widely publicized unauthorized disclosures of user information by Internet companies in 2011, and that some industry sectors will have considerable compliance problems. The article concludes with reasons for the significance of these Regulations, and how they compare with international standards. The Regulation is a very significant step for China, even if it would be a very limited one in other countries.
Number of Pages in PDF File: 7
Keywords: Asia, China, privacy, data protection, regulationAccepted Paper Series
Date posted: May 1, 2012 ; Last revised: May 5, 2012
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo2 in 0.406 seconds