China's Internet Data Privacy Regulations 2012: 80 Percent of a Great Leap Forward?
Privacy Laws & Business International Report, Issue 116: 1-5, April 2012
7 Pages. Posted: 1 May 2012. Last revised: 5 May 2012
Date Written: April 15, 2012
Abstract
Internet-based businesses in China have until now not been required to comply with any comprehensive data privacy law, but from March 15, 2012 businesses providing ‘Internet information services’ in China must comply with a much more comprehensive data privacy law, which can be briefly called the Internet Information Services Regulations. ‘Internet information service provider’ (IISP) refers to all parties providing information to Internet users over the Internet. The Regulations use a definition that is similar to the definition of personal data used in laws in other countries, and clearly implies that it is broader than information collected from the user, extending to information collected from third parties or information generated by the IISP itself from transactions with the user. They are to be enforced by China’s various ‘Telecommunications Authorities’.
The data privacy principles in the Regulations are analyzed here in accordance with the usual division of privacy principles found in such instruments as the OECD Guidelines, and other principles developed since then. They are on the one hand surprisingly comprehensive, but on the other hand have a couple of major omissions. The enforcement methods in the Regulation are diverse, but primarily at the initiative of the Telecommunications Authorities. They do not include civil damages provisions, but these may be provided by other aspects of Chinese law, read in conjunction with these Regulations.
Commentators on China’s Internet industry expect that these Regulations will be actively enforced, in part as a result of a string of widely publicized unauthorized disclosures of user information by Internet companies in 2011, and that some industry sectors will have considerable compliance problems. The article concludes with reasons for the significance of these Regulations, and how they compare with international standards. The Regulation is a very significant step for China, even if it would be a very limited one in other countries.
Keywords: Asia, China, privacy, data protection, regulation