Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Draft Chinese Rules Target Mobile Smart Devices and Online Content Providers

Posted in China, Cybersecurity, Mobile

China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), has released two draft regulations that could significantly impact how mobile smart device manufacturers (such as smartphones) and internet information service providers (“IISPs”) handle users’ personal information in China.

On June 1, 2012, MIIT released the Notice Regarding Strengthening the Management of Network Access for Mobile Smart Devices (Draft for Public Comment) (“Draft Notice”), which would require manufacturers of mobile smart devices to ensure that applications preinstalled or made available through other means — potentially including online app stores — do not collect or alter their users’ personal information without express notice and user consent.  The Draft Notice would also require smart device manufacturers to ensure that any application provided on their devices does not contain malicious code, infringe user privacy, access restricted functions or contain content restricted under PRC law.

The Draft Notice is China’s first rule to expressly target the mobile smart device industry.  According to the Wall Street Journal, China’s total market for smartphones has more than tripled in less than three years, with 31.2 million smartphone devices sold in the first quarter of 2012, compared with just 7.2 million in the fourth quarter of 2009. We anticipate other regulations targeting this sector to be released shortly.

MIIT has also released, on June 7, 2012, the Regulation on Internet Information Services of the PRC (Amended Draft for Public Comment) (“Draft Amendment”).  The Draft Amendment contains a number of provisions heightening China’s internet content restrictions and clarifying and expanding authorities’ right to access IISP user records.  The Draft Amendment would also prohibit IISPs from selling, altering, purposefully divulging or illegally using users’ personal information, and would confiscate illegal gains and levy administrative fines for any such violation.  If the violation is deemed “serious,” then MIIT may suspend the IISP’s service or revoke its ICP license.

The ability of internet users to post comments on microblogs or internet forums would also be affected as the Draft Amendment would require IISPs to require real-name registration from all users seeking to make public comments online.

Please see our client alert (available here) for a further summary of the draft regulations and their implications.

 

Links:

Notice Regarding Strengthening the Management of Network Access for Mobile Smart Devices (Draft for Public Comment) [Chinese]

Regulation on Internet Information Services of the PRC (Amended Draft for Public Comment) [Chinese]