SAMR issues draft of regulation measures on digital business licence (trial)

The State Administration for Market Regulation (“SAMR”) issued the Draft of Regulation Measures on Digital Business Licence ("Draft") on 6 December 2018.

Under this Draft, a digital business licence refers to the legal digital certificate containing the registration information of a market entity. After the establishment registration of a market entity, a digital business licence will be issued immediately and is stored in the digital business licences databases. A digital business licence may be downloaded by a smart phone or other device through the official digital business licence database app.

In general, a digital business licence can be used to achieve the same functions of a traditional business licence (e.g. to identify and verify a market entity’s identity). In addition, it can also be used to make registrations of a market entity for its various activities in the online environment, and to function as an electronic signature on digital documents.

Please click here to read the full text (Chinese only) of the Draft.

MPS issues draft guidelines for internet personal information security protection

The Ministry of Public Security (“MPS”) issued the draft Guidelines for Internet Personal Information Security Protection ("Draft") on 30 November 2018.

The Draft defines a personal information holder as any organisation or individual that controls and processes personal information. Compared with other previous personal data protection regulations which focus only on the obligations of data controllers, the Draft makes it clear that data processors are also directly subject to the relevant regulatory requirements.

For the management mechanism, the Draft emphasises that an enterprise should establish detailed internal policies to clarify the authorisation scope and obligations of its personnel involved in handling personal information and monitor their performance. Such a mechanism might help the enterprise to prove its lack of subject intention and avoid potential criminal liabilities where its personnel is solely at fault for a data incident. When conducting onsite inspections and other cybersecurity enforcement actions, the public security organs will likely focus on the technical measures (e.g. measures concerning internet and communication security, equipment and computing, application and data, cloud computing security enhanced requirements, and the “internet of things” security extension enhanced requirements) that a data holder is required to adopt under the Draft. As to the general principles in relation to the collection, processing, storage, sharing, use and deletion of personal information, the Draft basically follow and restate the existing personal information protection rules.

Please click here to read the full text (Chinese only) of the Draft.

China publishes new regulations on cross-border e-commerce retail imports

The Chinese government published three important regulations setting out the new policies governing cross-border e-commerce near the end of November 2018, including the Supervision of Cross-border E-commerce Retail Imports (“Circular”), the Notice of Improving the Tax Policy of Cross-border E-commerce Retail Imports (“Notice”), and the Goods List of Cross-border E-commerce Retail Imports 2018 (“2018 List”). All three regulations will come into effect on 1 January 2019.

Goods bought by way of cross-border e-commerce retail imports in accordance with the requirements of the Circular ("Goods") will be regulated as articles imported for personal use, and the relevant first-time import requirements of approval, registration and recordal shall not be applicable (with two special exceptions).

The Circular sets out the obligations and corresponding legal liabilities for the major players in the imports market, including but not limited to foreign enterprises that sell overseas Goods to domestic consumers via cross-border e-commerce platforms; domestic cross-border e-commerce platform operators; domestic service providers providing customs clearance, payment or logistics services; and domestic consumers who are also the taxpayers of Goods.

The Notice provides that the single transaction limit for Goods purchased via the imports will be raised from RMB 2,000 to RMB 5,000, and the annual transaction limit will be raised from RMB 20,000 to RMB 26,000; whilst the newly issued 2018 List will be implemented together with the Circular and the Notice to set out the scope of Goods that can enjoy the favourable cross-border e-commerce policies.  

Please click here to read a Law-Now article.

CCA issues assessment report of personal information collection and privacy policy of 100 Apps

The China Consumers Association (“CCA”) issues the Assessment Report of Personal Information Collection and Privacy Policy of 100 Apps (“Report”) on 28 November 2018. The Report is not legally enforceable by nature, instead acting as a reminder to consumers.

In respect of the collection of personal information, most apps are prone to excessive collection of personal information, especially in relation to location details, contact details, mobile phone number information, personal property information and biological recognition information.

In respect of an app's privacy policy, the typical problems include: (i) the privacy policies are ambiguous and do not explicitly state the purpose, method, scope, storage time limitation and location of personal information; (ii) apps do not actively show their privacy policy to users or the display of their privacy policy is unclear; (iii) apps do not provide enough options for users when requesting authorisation from the users; and (iv) apps do not provide channels or methods for users to access, correct or delete personal information.

The Report provides several suggestions to improve the current personal information protection status, including the requirement for app stores to perform a review of the obligations of their platform. If an app does not publish its privacy policy, the app store should remove the app from its platform and remind users to not download the app.

Please click here to read the full text (Chinese only) of the Report.

MIIT issues draft regulation for manufacturing enterprises of unmanned aerial vehicles

The Ministry of Industry and Information Technology (“MIIT”) issued the Draft Regulation for Manufacturing Enterprises of Unmanned Aerial Vehicles (“Draft”) on 23 November 2018.

Under the Draft, the MIIT will establish a system to identify qualified manufacturing enterprises of unmanned aerial vehicles (“UAVs”) and publish their names in a list. UAV manufacturers established within China (“Enterprise”) may apply to be involved in the system and be included in the list voluntarily. If an Enterprise would like to be considered as qualified, it shall meet following requirements, amongst others: (i) it must not have any major production safety accidents within the past two years; (ii) it must establish the relevant production safety standardisation and quality management system, which must be verified by professional third parties; and (iii) it must have the required innovation, manufacturing and quality control capability, engage qualified personnel, and take its social responsibility. 

In addition, the UAVs manufactured by the Enterprise must be equipped with flight limitation functions in sensitive areas and be able to take emergency measures to avoid damage to the people and buildings on ground-level. The Enterprise must explicitly warn users about the risks of flying the UAVs. The control of the UAVs must also comply with the applicable rules concerning radio resource management.

Please click here to read the full text (Chinese only) of the Draft.