On March 22, 2016, the MOFCOM released the draft specifications for business services in crossborder e-commerce and the draft specifications for business services in mobile e- commerce (“the Draft”), opening a period for public comments until May 31, 2016.

The Draft specifies that e-commerce service providers (defined as transaction platform service providers) will ensure platform and data security and be responsible for:

  1. Managing the seller’s online transaction information and personal information:
  • personal information will only be available with authorization and can only be used for commercial purposes after screening and deleting sensitive information;
  • transaction information will only be available with authorization after negotiation;
  • screened and nonsensitive data may be transferred, copied, transmitted or processed with the online seller’s consent;
  • any disclosure of personal information or transaction data to third parties, including administrative, enforcement and judicial departments, will be recorded;
  • personal information will be encrypted before being transmitted online. 
  1. Managing data security:
  • online seller’s data will only be accessible to its owner;
  • original data will only be modified with authorization;
  • data backup will be stored off-site to prevent loss. 
  1. Ensuring the platform’s continuous operation (24/7).

The Draft does not provide a clear definition of operational e-commerce, still pending since this type of activity was opened to 100% foreign-owned enterprises in mid-2015.

Date of issue: March 22, 2016. Deadline for public comments: May 31, 2016