On August 29, 2015, China’s legislature, the National People’s Congress, amended the Criminal Law, effective November 1, 2015. Among other things, the amendments modify and add several provisions related to data privacy and cybersecurity. We discuss some of these key amendments below.

  • Expanded criminal sanctions for illegal sale or provision of personal information. Previously, criminal sanctions for selling or providing personal information applied only to government personnel and certain sectors such as finance, telecommunications, transportation, education, and healthcare. Article 253 as amended now applies criminal sanctions to anyone who, in violation of relevant State rules, sells or provides the personal information of others if the circumstances are serious. The crime is punishable by fixed-term imprisonment of no more than three years and/or a fine. If the circumstances are “extremely serious,” the penalties are more severe: three to seven years imprisonment, plus a concurrent fine. The new amendments also provide that those who, in violation of relevant State rules, sell or provide personal information obtained in the course of conducting professional duties or providing services shall face penalties on the harsher end of the ranges described in the preceding paragraph.
  • New penalties on network service providers. Under the new Article 286(a), network service providers (and responsible individuals therein) who fail to fulfill “information network security administration duties prescribed by laws and/or administrative regulations” and refuse to take remedial measures ordered by regulatory authorities face criminal liability — fixed-term imprisonment of no more than three years, criminal detention, or public surveillance, with a fine either concurrently with such punishment or in lieu thereof — if one of the following circumstances occurs: (1) illegal information is widely disseminated, (2) user information is divulged and the circumstances are serious, (3) evidence in a criminal case is lost and the circumstances are serious, or (4) other “serious” circumstances are involved. We understand the term “network service provider” to include both internet service providers (e.g., telecom companies) and internet content providers (including websites). While the breadth of the term “serious” creates certain challenges to interpretation, these new provisions are consistent with the Chinese government’s recent focus on disciplining activities in cyberspace.
  • Criminal liability for conducting and facilitating certain online activity. A new Article 287(a) explicitly provides criminal penalties for those who use information networks to (1) establish websites or communication groups to engage in illegal or criminal activities, (2) publish illegal information such as pornography or information regarding prohibited items (e.g., guns, illegal drugs), or (3) publish other information for the purposes of engaging in fraud or other illegal activities. Under a new Article 287(b), criminal penalties also may be applied to those who, with clear knowledge that another individual is using an information network to commit a crime, provides internet access, storage, hosting, or other technical support, or provides advertising, settlement of payments, and any other assistance for such crime.

These amendments come amidst a series of significant developments in China’s data protection and cybersecurity regime. (See, for example, our post on China’s recently published draft Network Security Law here, and another specifically on the implications of that draft law for data privacy in China here.)

Note: A comparison of preexisting and new provisions in Chinese and English can be obtained from the authors.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashwin Kaja Ashwin Kaja

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices…

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices and, outside of Covington, serves as the General Counsel of the American Chamber of Commerce in China.

Ashwin helps clients solve acute problems that arise in the course of doing business in China and position themselves for longer-term success in the country’s rapidly evolving legal and policy environment. He is an expert on Chinese industrial policy and has worked on matters related to a wide range of sectors including technology, financial services, life sciences, and the social sector. Ashwin has also counseled a range of clients on data privacy and cybersecurity-related matters.

As the General Counsel of the American Chamber of Commerce in China (AmCham China), Ashwin serves as a senior officer of the organization and as an ex officio member of its Board of Governors, supporting nearly one thousand member companies in developing their businesses in China and advocating for their needs with China’s central and local governments.