On 1 October, new binding provisions came into force in China governing the collection, extraction and review of electronic data in criminal investigations.
The Provisions contain procedures for the retrieval of electronic data inside and outside China. Foreign companies operating in China, as well as those headquartered in China with branches overseas should familiarise themselves with the Provisions and ensure compliance (both by them and by investigators). Since the Provisions strengthen and formalise the framework for seizing electronic data, we may see an uptick in dawn raids, although it is too soon to say.
The definition of electronic data is broad and encompasses all forms of online and mobile data and all devices on which such data may be stored. Evidence recorded digitally, such as recorded witness statements, is not treated as electronic data but may in exceptional cases fall within the purview of the Provisions.
The Provisions set out procedures to, wherever possible, preserve the integrity of electronic data to be used as evidence. Collection should be carried out by two or more investigators and written notification should be provided to the holder of the data, network service providers and relevant departments for enforcement.
Data containing state secrets, commercial secrets or personal privacy, must be kept confidential.
Additional rules govern how to assess the authenticity of electronic data, including analysing digital signatures, the circumstances of additions and deletions, and seizure process.
Overall, the Provisions provide a welcome framework around which investigators (and those being investigated) must work. The law and procedures in this area were previously fragmented and unclear.