On August 29, 2015, China’s legislature, the National People’s Congress, amended the Criminal Law, effective November 1, 2015. Among other things, the amendments modify and add several provisions related to data privacy and cybersecurity. We discuss some of these key amendments below.

  • Expanded criminal sanctions for illegal sale or provision of personal information. Previously, criminal sanctions for selling or providing personal information applied only to government personnel and certain sectors such as finance, telecommunications, transportation, education, and healthcare. Article 253 as amended now applies criminal sanctions to anyone who, in violation of relevant State rules, sells or provides the personal information of others if the circumstances are serious. The crime is punishable by fixed-term imprisonment of no more than three years and/or a fine. If the circumstances are “extremely serious,” the penalties are more severe: three to seven years imprisonment, plus a concurrent fine. The new amendments also provide that those who, in violation of relevant State rules, sell or provide personal information obtained in the course of conducting professional duties or providing services shall face penalties on the harsher end of the ranges described in the preceding paragraph.
  • New penalties on network service providers. Under the new Article 286(a), network service providers (and responsible individuals therein) who fail to fulfill “information network security administration duties prescribed by laws and/or administrative regulations” and refuse to take remedial measures ordered by regulatory authorities face criminal liability — fixed-term imprisonment of no more than three years, criminal detention, or public surveillance, with a fine either concurrently with such punishment or in lieu thereof — if one of the following circumstances occurs: (1) illegal information is widely disseminated, (2) user information is divulged and the circumstances are serious, (3) evidence in a criminal case is lost and the circumstances are serious, or (4) other “serious” circumstances are involved. We understand the term “network service provider” to include both internet service providers (e.g., telecom companies) and internet content providers (including websites). While the breadth of the term “serious” creates certain challenges to interpretation, these new provisions are consistent with the Chinese government’s recent focus on disciplining activities in cyberspace.
  • Criminal liability for conducting and facilitating certain online activity. A new Article 287(a) explicitly provides criminal penalties for those who use information networks to (1) establish websites or communication groups to engage in illegal or criminal activities, (2) publish illegal information such as pornography or information regarding prohibited items (e.g., guns, illegal drugs), or (3) publish other information for the purposes of engaging in fraud or other illegal activities. Under a new Article 287(b), criminal penalties also may be applied to those who, with clear knowledge that another individual is using an information network to commit a crime, provides internet access, storage, hosting, or other technical support, or provides advertising, settlement of payments, and any other assistance for such crime.

These amendments come amidst a series of significant developments in China’s data protection and cybersecurity regime. (See, for example, our post on China’s recently published draft Network Security Law here, and another specifically on the implications of that draft law for data privacy in China here.)

Note: A comparison of preexisting and new provisions in Chinese and English can be obtained from the authors.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashwin Kaja Ashwin Kaja

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices…

With over a decade of experience in China, Ashwin Kaja helps multinational companies, governments, and other clients understand and navigate the complex legal and policy landscape in the country. He plays a leading role in Covington’s China international trade and public policy practices and, outside of Covington, serves as the General Counsel of the American Chamber of Commerce in China.

Ashwin helps clients solve acute problems that arise in the course of doing business in China and position themselves for longer-term success in the country’s rapidly evolving legal and policy environment. He is an expert on Chinese industrial policy and has worked on matters related to a wide range of sectors including technology, financial services, life sciences, and the social sector. Ashwin has also counseled a range of clients on data privacy and cybersecurity-related matters.

As the General Counsel of the American Chamber of Commerce in China (AmCham China), Ashwin serves as a senior officer of the organization and as an ex officio member of its Board of Governors, supporting nearly one thousand member companies in developing their businesses in China and advocating for their needs with China’s central and local governments.

Photo of Eric Carlson Eric Carlson

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has deep experience leading highly sensitive investigations in China and other jurisdictions in Asia, including investigations presenting complex legal, political, and reputational risks. He speaks Mandarin and Cantonese and has led more than four hundred witness interviews in Chinese in 24 provinces in China, and conducted dozens of trainings in Chinese. He is a Certified Fraud Examiner.

Eric also counsels clients on the compliance risks of proposed transactions, conducts compliance due diligence as part of mergers, acquisitions, and joint ventures, assists companies in updating and strengthening their internal compliance programs and tailoring them to the unique features of Asian markets, and developing and presenting tailored compliance training in Chinese and English. Eric has advised scores of companies and organizations representing nearly every major industry.

Eric is a regular speaker on China-related compliance issues. He has been quoted in publications such as The Wall Street JournalThe Economist, The Financial Times, Global Investigations Review, Compliance Week, FCPA Report, The Corporate Treasurer, Commercial Dispute Resolution, China Business Law Journal, and Economy and Nation Weekly and was a contributing editor to the FCPA Blog. Chambers notes that Eric has “much more than just a conversational grasp of the language, but the ability to conduct interviews on specific subject matter details and get to the root of the issues.” Chambers further notes that “his language skills are very impressive” and that he provides “great advice that is grounded in reality,” adding: “They know the industry and their advice is very risk-based and balanced.” One client noted to Chambers: “They have strong regional coverage both in terms of footprint as well as language skills. If I have a compliance investigation in region with a tight timeframe, I know they can get it done. They take a more realistic approach to scoping investigations.” Other clients noted to Chambers that Eric is “really brilliant” and “an expert in this field.” According to one client surveyed by Chambers, “he is particularly adept at ‘right sizing’ the scope of an investigation to get at the key issues without incurring unnecessary operational or financial burden. He is also incredibly responsive to client communications.”