China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the Regulations on the Protection of Minors in Cyberspace (“Draft Regulations”), which contain significant provisions addressing minors’ data privacy. Note that the scope of this new regulation is broader than the US’s Children’s Online Privacy Protection Act (“COPPA”), which focuses primarily on children’s privacy issues.

Below are some highlights from the Draft Regulations:

  • The Draft Regulations are intended to apply to “minors,” but do not incorporate a specific definition of that term. In the absence of a specific definition, the Law on the Protection of Minors—which defines minors as individuals under the age of 18—is likely to apply. Note that COPPA’s protections apply only to children under the age of 13.
  • Those collecting and using minors’ personal information must post a prominent warning identifying the source, content, and use of any such information collected, as well as obtain the consent of the minor or his/her guardian. Special policies will be formulated to govern the collection and use of minors’ personal information to strengthen protection. These rules would also apply to search results displayed by Internet search services.
  • Minors and their guardians have the right to require Internet content providers (“ICPs”) to delete or block a minor’s personal information. ICPs must take action to respond to and accommodate any such requests upon receipt.
  • The Draft Regulations call for government authorities to formulate policies encouraging the development, manufacture, and promotion of software aimed at protecting minors online.
  • Schools, libraries, cultural centers, and youth centers are also required to install software to protect minors from accessing unlawful or inappropriate content on devices provided for use by minors. Mobile device manufacturers and importers are also required to pre-install minor protection software or provide users with instructions on how to install such software.
  • Similar to other regulations applicable to the Internet and other online activities, the Draft Regulations also require ICPs to monitor for, censor (by means of filtering, deleting, or blocking), and report any illegal content posted on their platforms. Display of any content that is inappropriate for minors must also be preceded by a prominently-placed warning.
  • The Draft Regulations address the issue of problematic behavior linked to online activities such as cyberbullying and online addiction, and specifically reiterate policies rolled out in past years aimed at combating online gaming addiction. Specifically, online gaming services are to:
    • require users to register using real identification information;
    • take steps to distinguish minors from adults and store their user registration information properly;
    • adhere to national standards and requirements; and
    • adopt technical measures to
      • prevent minors from accessing inappropriate games or gaming functions;
      • limit the duration of time spent continuously or cumulatively in a single day on a game; and
      • prohibit minors from using online gaming services from 12:00 A.M. to 8:00 A.M.
  • The Draft Regulations also propose the establishment of a credibility database and blacklist to distinguish or shame entities with regard to their track records on protecting minors in cyberspace.
  • They authorize CAC to impose penalties, such as cease and desist orders and financial penalties, in cases of non-compliance. The fines under the Draft Regulations are relatively modest, ranging from 30,000 to 500,000 RMB, but if warranted by the severity of the circumstances, violators may be held criminally liable and/or have their websites shut down, Internet access cut off, or service offerings suspended.

As a relatively new agency, CAC has taken few enforcement actions in the past. However, with additional regulations and a new Cybersecurity Law on the horizon, we may expect CAC to begin enforcing data privacy and security rules more aggressively in the near future.

Public comments on the Draft Regulations must be submitted by October 31.

Print:
EmailTweetLikeLinkedIn
Photo of Yan Luo Yan Luo

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the…

Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.

Yan has significant experience assisting multinational companies navigating the rapidly-evolving Chinese cybersecurity and data privacy rules. Her work includes high-stakes compliance advice on strategic issues such as data localization and cross border data transfer, as well as data protection advice in the context of strategic transactions. She also advises leading Chinese technology companies on global data governance issues and on compliance matters in major jurisdictions such as the European Union and the United States.

Yan regularly contributes to the development of data privacy and cybersecurity rules and standards in China. She chairs Covington’s membership in two working groups of China’s National Information Security Standardization Technical Committee (“TC260”), and serves as an expert in China’s standard-setting group for Artificial Intelligence and Ethics.

Photo of Ashwin Kaja Ashwin Kaja

Ashwin Kaja is special counsel in the firm’s Beijing office and is a member of the firm’s International Trade, Public Policy, Data Privacy & Cybersecurity, and Anti-Corruption practice groups. He has advised multinational companies, governments, and other clients on a range of matters…

Ashwin Kaja is special counsel in the firm’s Beijing office and is a member of the firm’s International Trade, Public Policy, Data Privacy & Cybersecurity, and Anti-Corruption practice groups. He has advised multinational companies, governments, and other clients on a range of matters related to international trade, public policy and government affairs, data privacy, foreign investment, anti-corruption compliance and investigations, corporate law, real estate, and the globalization of higher education. He also serves as the China and India editor for Covington’s GlobalPolicyWatch.com. Mr. Kaja is also a certified information privacy professional (CIPP/US). Prior to joining the firm, Mr. Kaja was an associate at another major international law firm in Beijing.