On March 22, 2016, the MOFCOM released the draft specifications for business services in crossborder e-commerce and the draft specifications for business services in mobile e- commerce (“the Draft”), opening a period for public comments until May 31, 2016.
The Draft specifies that e-commerce service providers (defined as transaction platform service providers) will ensure platform and data security and be responsible for:
- Managing the seller’s online transaction information and personal information:
- personal information will only be available with authorization and can only be used for commercial purposes after screening and deleting sensitive information;
- transaction information will only be available with authorization after negotiation;
- screened and nonsensitive data may be transferred, copied, transmitted or processed with the online seller’s consent;
- any disclosure of personal information or transaction data to third parties, including administrative, enforcement and judicial departments, will be recorded;
- personal information will be encrypted before being transmitted online.
- Managing data security:
- online seller’s data will only be accessible to its owner;
- original data will only be modified with authorization;
- data backup will be stored off-site to prevent loss.
- Ensuring the platform’s continuous operation (24/7).
The Draft does not provide a clear definition of operational e-commerce, still pending since this type of activity was opened to 100% foreign-owned enterprises in mid-2015.
Date of issue: March 22, 2016. Deadline for public comments: May 31, 2016