MIIT

On July 16, 2013, China’s Ministry of Industry and Information Technology (“MIIT”) promulgated the Provisions on Protecting the Personal Information of Telecommunication and Internet Users (“Internet Provisions”).  The Internet Provisions, which take effect September 1, 2013, provide specific implementation rules for telecommunication and internet information service provider’s (“TSPs” and “IISPs,” respectively) collection and use of “user’s personal information,” based on a more generally addressed national law protecting “personal electronic information” issued in December 2012 and entitled Decision of the Standing Committee of the National People’s Congress on Strengthening Online Information Protection (see our previous client alert here).

“IISPs” is a broad category that includes all companies utilizing a mainland-based website (i.e. a website registered with or licensed by MIIT) to collect personal information (“PI”) from their customers or site visitors.  “TSPs” are those entities providing access to telecommunications services, such as China Mobile.Continue Reading China Issues Comprehensive Regulation on Collection and Use of Personal Information by Websites and Telecommunication Service Providers

On April 10, 2013, China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), issued a draft regulation for public comment entitled Provisions on Protecting the Personal Information of Telecommunication and Internet Users  (“Draft Provisions”).  The Draft Provisions would impose additional requirements when telecommunication service providers (“TSPs”) and internet information service providers (“IISPs”) collect and use personal information (“PI”), and would direct these entities to implement a number of compliance measures to protect against disclosure, damage, or loss of PI.  The Draft Provisions would also provide MIIT with significant authority to enter premises and request documents for purpose of assessing the PI protection efforts of any TSP or IISP. 

The Draft Provisions are intended to implement the general requirements set forth in the Decision of the Standing Committee of the National People’s Congress on Strengthening Online Information Protection (“Online Information Decision”), which was promulgated in December 2012.  (See our client alert here.)  The term “IISPs” includes all companies utilizing a PRC-based website (i.e., a website registered with, or licensed by, MIIT) to collect PI from their customers or site visitors.Continue Reading China Releases Draft Regulation for Online Collection and Use of Personal Information

On December 28, 2012, China’s national legislature enacted a new law to further regulate the collection and use of online personal information and to require certain network service providers to implement real name registration for all users. 

As described below, the new law may affect all businesses handling an individual’s “personal electronic information” in China, even if that information is not necessarily processed over the internet.  For many companies operating websites hosted in China, the new law will require only slight modifications to existing data handling practices, as many of the new law’s provisions reflect or only slightly modify other provisions found in existing law.  However, websites providing “internet publication services” such as blogs, microblogs, or online forum providers, will be required to implement a real name registration system for their users.  The specifics of the real name registration system have not been announced and will likely come from China’s principal internet regulator, the Ministry of Industry and Information Technology (“MIIT”), which is drafting regulations in furtherance of the new law. Continue Reading China’s New Data Privacy Legislation Targets “Personal Electronic Information” And Implements Real Name Registration for Certain Websites

China’s Internet regulator, the Ministry of Information and Industry Technology, or MIIT,  is close to releasing the final version of China’s first national standards for personal information protection.  Drafted with the assistance of two other government departments, the release of  “Information Security Technology – Guidelines for Personal Information Protection” (信息安全技术个人信息保护指南) represents China’s first foray into