China's Incremental Data Privacy Law: MIIT 'User Data Protection' Regulations, 2013
(2013) 125 Privacy Laws & Business International Report, 18-19 , October 2013
3 Pages Posted: 20 Dec 2013 Last revised: 1 Apr 2014
Date Written: September 1, 2013
China’s Ministry of Industry and Information Technology (MIIT) has issued the Telecommunications and Internet Personal User Data Protection Regulations (‘User Data Protection Regulations’) on 28 June 2013, to take effect on 1 September 2013. The MIIT has previously issued Regulations in 2011 and Guidelines earlier in 2013, and is clearly taking the leading role among Ministries in the area of personal information protection. These MIIT Regulations should not be considered in isolation, but rather as the latest component of an evolving and incremental body of law.
These Ministry regulations are also made under the Telecommunications Regulations 2000, a higher level of legislation made by the State Council of the PRC. The Telecommunications Regulations create and regulate telecommunications business operators (TBOs), and must be complied with by ‘anyone that engages in telecommunications activities or activities related to telecommunications’ in the PRC.
This article details the extent to which this Regulation adds new principles to the cumulative set of data privacy principles in China, and the new aspects of administration and enforcement that it adds. These and earlier laws may be building up a template for how data privacy legislation could be extended to the whole of China’s private sector.
Keywords: China, MIIT, Asia, privacy, data protection, data privacy
Suggested Citation: Suggested Citation