Thanks for sharing this. These New "Regulations" are at the ministerial administrative regulations, which are not "laws" binding in the judicial system (but can be of reference whenever necessary). Nonetheless, personal data protection has long been protected in the Chinese legal system, dating back the early "administrative regulations" from 1997. ISPs have always been obligated to protect their users' "privacy", which is a civil right protected under the Chinese Tort Liability Law. If an ISP illegally discloses and/or transfers its users' personal data, it should be subject to criminal liability under the Chinese criminal law. What is missing and badly needed is a "specific" law or regulation on personal data protection so as to converge the scattered legal provisions from different sources. The new regulations merely add another piece on the legal patchwork. Actually there are quite a few regulations that are going to be effective or being drafting ("Regulations on Administration of Internet Retails") have the same function. Anyway, as far as legal protection for personal data can be improved or enhanced in China, irrespective whether it is in a small step forward or merely restatement of existing law, it deserves welcomed. Hong -- Dr. Hong Xue Professor of Law Director of Institute for the Internet Policy & Law (IIPL) Beijing Normal University http://www.iipl.org.cn/ <http://iipl.org.cn/> 19 Xin Jie Kou Wai Street Beijing 100875 China On Fri, Feb 3, 2012 at 11:06 PM, Carlton Samuels <carlton.samuels@gmail.com>wrote:
China has recently issued a regulation entitled “Several Provisions on Regulating Market Orders of Internet Information Services” (the “New Regulations”) that come into effect on March 15, 2012.
The regulation explicitly imposes the data protection requirements on their Internet information service providers.
The early report says it is consistent with data protection regimes in play elsewhere, including recent EU regulations; to expressly inform the method, content, and purpose for collecting and processing personal data in notice and consent communiques; stronger protection for the personal data they collect; collection limitations; use limitations; custody, remedy and breach notification obligations.
The definition of user personal information in the regulations includes both (1) information that independently identifies a user and information that may be used to identify a user when combined with other information. Here's a very readable outline analysis of what was originally proposed.
http://www.mallesons.com/publications/marketAlerts/2011/Chinaproposesnewinte...
- Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org