China’s new Measures help clarify privacy obligations

The PRC State Administration of Industry and Commerce (“SAIC”) recently issued Measures for Penalties for Infringing Upon the Rights and Interest of the Consumers (“Measures”). The Measures are a further indication that China is taking data privacy seriously; they interpret and enhance China’s relatively new Consumer Rights Law (2014) and provide further clarity on definitions and scope, as well as the penalties that may be imposed for failure to comply.

As it relates to privacy rights, the Consumer Rights Law requires business operators in China to:

State the purpose, method, scope, and rules of collection of personal information of consumers;
Keep personal information of consumers confidential and not disclose, sell, or illegally provide this to others;
Have mechanisms in place to ensure the security of information collected; and
Not send unsolicited communications to consumers.

However, there is no definition of “personal information” under the Consumer Rights Law. Now, under Article 11 of the Measures, “personal information” is defined as a consumer’s name, gender, occupation, date of birth, identification document number, residential address, contact information, information on income and assets, health status, consumption habits, and other information collected by business operators during their provision of goods or services that may independently, or in combination with other information, identify the consumer. Both the Measures and Consumer Rights Law are silent on the definition of “business operator,” although in the PRC AntiUnfair Competition Law, this is defined as “a legal person or any other economic organization or individual engaged in commodities marketing or profitmaking services,” which is very broad.

Failure to comply with the Consumer Protection Law can result in: confiscation of illegal gains; fines of between one and 10 times the amount of any illegal gain; if there has been no illegal gain, a fine of up to RMB 500,000 (approximately US $80,000); suspension of business operations; or, in serious circumstances, revocation of business license and the right to do business.

Tip: While the overall regime on data privacy in China remains fragmented and is enshrined in various different regulations issued by different regulatory authorities, the Measures are helpful regarding consumerfacing issues and indicate how some data privacy items may be defined and interpreted in other contexts.

Register now for your free, tailored, daily legal newsfeed service.

China’s new Measures help clarify privacy obligations

Filed under

Topics

Popular articles from this firm

Recent Liberalizations for Hong Kong and Macau Service Providers that Provide Certain Types of Telecommunications and Online Services in China *

Discovery in One Patent Infringement Case Leads to Trade Secret Counterclaims in Another *

SEC Charges Traders in China over Stock Manipulation *

Expanded Implementation of Qualified Foreign Limited Partnership Heats Up Foreign Equity Investments in China *

PRC Food Safety Law and its impacts on Chinese food industry *

Related practical resources PRO

Related research hubs