China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the Regulations on the Protection of Minors in Cyberspace (“Draft Regulations”), which contain significant provisions addressing minors’ data privacy. Note that the scope of this new regulation is broader than the US’s Children’s Online Privacy Protection Act (“COPPA”), which focuses primarily on children’s privacy issues.
Below are some highlights from the Draft Regulations:
- The Draft Regulations are intended to apply to “minors,” but do not incorporate a specific definition of that term. In the absence of a specific definition, the Law on the Protection of Minors—which defines minors as individuals under the age of 18—is likely to apply. Note that COPPA’s protections apply only to children under the age of 13.
- Those collecting and using minors’ personal information must post a prominent warning identifying the source, content, and use of any such information collected, as well as obtain the consent of the minor or his/her guardian. Special policies will be formulated to govern the collection and use of minors’ personal information to strengthen protection. These rules would also apply to search results displayed by Internet search services.
- Minors and their guardians have the right to require Internet content providers (“ICPs”) to delete or block a minor’s personal information. ICPs must take action to respond to and accommodate any such requests upon receipt.
- The Draft Regulations call for government authorities to formulate policies encouraging the development, manufacture, and promotion of software aimed at protecting minors online.
- Schools, libraries, cultural centers, and youth centers are also required to install software to protect minors from accessing unlawful or inappropriate content on devices provided for use by minors. Mobile device manufacturers and importers are also required to pre-install minor protection software or provide users with instructions on how to install such software.
- Similar to other regulations applicable to the Internet and other online activities, the Draft Regulations also require ICPs to monitor for, censor (by means of filtering, deleting, or blocking), and report any illegal content posted on their platforms. Display of any content that is inappropriate for minors must also be preceded by a prominently-placed warning.
- The Draft Regulations address the issue of problematic behavior linked to online activities such as cyberbullying and online addiction, and specifically reiterate policies rolled out in past years aimed at combating online gaming addiction. Specifically, online gaming services are to:
- require users to register using real identification information;
- take steps to distinguish minors from adults and store their user registration information properly;
- adhere to national standards and requirements; and
- adopt technical measures to
- prevent minors from accessing inappropriate games or gaming functions;
- limit the duration of time spent continuously or cumulatively in a single day on a game; and
- prohibit minors from using online gaming services from 12:00 A.M. to 8:00 A.M.
- The Draft Regulations also propose the establishment of a credibility database and blacklist to distinguish or shame entities with regard to their track records on protecting minors in cyberspace.
- They authorize CAC to impose penalties, such as cease and desist orders and financial penalties, in cases of non-compliance. The fines under the Draft Regulations are relatively modest, ranging from 30,000 to 500,000 RMB, but if warranted by the severity of the circumstances, violators may be held criminally liable and/or have their websites shut down, Internet access cut off, or service offerings suspended.
As a relatively new agency, CAC has taken few enforcement actions in the past. However, with additional regulations and a new Cybersecurity Law on the horizon, we may expect CAC to begin enforcing data privacy and security rules more aggressively in the near future.
Public comments on the Draft Regulations must be submitted by October 31.