China is transitioning from a manufacturing-based economy to a more service and consumption-driven economy. E-commerce is at the center of this transition and it is growing at a rapid pace. In 1995, there were approximately 60,000 Internet users in China. Today, the Boston Consulting Group predicts China’s Internet population will reach 730 million in the next two years and its online shopping headcount is expected to reach 380 million. The value of China’s e-commerce market is also astonishing. By 2015, KPMG estimates China’s e-commerce transactions to reach $540 billion.

E-commerce is also a very unique social activity in China. Jack Ma, the founder of Alibaba, recently told the world that “in other countries, e-commerce is a way to shop, in China it is a lifestyle.” Chinese consumers are more engaged. They read and post reviews about products more than their US counterparts. This high level of e-commerce interactivity provides a feedback loop that makes Chinese online platforms more advanced in terms of functionalities. For example, you can use online payment solutions to pay for restaurant bills, taxis, and even manage some healthcare provider payments and reimbursements. However, this also means more data mining opportunities and data privacy concerns for consumers. 

China has yet to adopt a single comprehensive data protection law for its consumers. There is a Draft Personal Data Law that has been in circulation since 2006, but it appears to have little prospect of becoming law in the near future. Under heavy consumer pressure, the personal data protection regime regulating China’s e-commerce activities has so far been a piecemeal solution. Generally, there is some assurance for consumer protection from China’s Defamation Law. Additionally, there are a number of regulatory provisions that deal with data privacy scattered across areas such as banking, medical services, and protection of minors. In some sophisticated jurisdictions such as Shanghai, there is a uniform data protection regime for consumers (see Shanghai Municipality Protection of the Interests of Consumers Regulations, effective January 1, 2003).

In an effort to strengthen consumer privacy protection and consumer confidence, China’s National People’s Congress Standing Committee issued a Decision on the Strengthening of the Protection of Network Information (全国人民代表大会常务委员会关于加强网络信息保护的决定,the “Decision”) effective in December 2012. Following the Decision, the General Administration of Quality Supervision issued a set of recommended Guidelines intended to regulate all organizations and entities with respect to protection of personal information. The Guideline became effective February 1, 2013. The Ministry of Industry and Information Technology (MIIT) subsequently issued its own Provisions on Protection of Personal Information of Telecommunications and Internet Users (the “Provisions”). The Provisions were released on July 16, 2013 and became effective on September 1, 2013.

Most recently, The Chinese State Administration for Industry and Commerce (SAIC) released its own Measures on the Administration of Online Transaction (the “Measure”) to regulate the rights and obligations of operators and consumers on an online transaction platform. SAIC followed this Measure with the Regulatory Guidance on Standard Terms of Internet Transaction Platform Contracts (the “Platform Contract Guidance”). The Platform Contract Guidance became effective on July 30, 2014.  It sets forth requirements for the use of a standard terms agreement in Internet transactions (“e-commerce agreements”) involving platform operators, business operators, and consumers. This Platform Contract Guidance was built on the basis of Chinese Contract Law and the amended Consumer Rights Protection Law. It imposes certain requirements on an e-commerce agreement involving a consumer including notice of consumer rights, notice of change to terms, posting the terms for public review,  as well as general requirement of fairness, transparency and good faith.

In the labyrinth of laws and opinions on consumer data protection, it is clear the regulatory regime is tightening. Businesses operating in China should pay close attention to all emerging requirements. Aside from the many laws, regulations, provisions and measures mentioned above, businesses should also be aware of other industry specific laws including the Personal Information Security Measure for Mailing and Courier Services, the Medical Records Administration Measures of Medical Institutions, and the Measures for Administration of Population Health Information.

For a comprehensive English language summary of the Platform Contract Guidance released on July 30, 2014, click here for the Jun He Bulletin.