Internet-based businesses in China have until now not been required to comply with any comprehensive data privacy law, but from March 15, 2012 business providing ‘Internet information services’ in China must comply with a much more comprehensive data privacy law, which can be briefly called the Internet Information Services Regulations. ‘Internet information service provider’ refers to all parties providing information to Internet users over the Internet. The Regulations use a definiton that is similar to the definition of personal data used in laws in other countries, and clearly implies that this is broader than information collected from the user, such as information collected from third parties or information generated by the IISP itself from transactions with the user. They are to be enforced by China’s various ‘Telecommunications Authorities’.
The data privacy principles in the Regulations are analysed here in accordance with the usual division of privacy principles found in such instruments as the OECD Guidelines, and other principles developed since then. They are on the one hand surprisingly comprehensive, but on the other hand have a couple of major omissions. The enforcement methods in the Regulation are diverse, but primarily at the initiative of the Telecommunications Authorities. They do not include civil damages provisions, but these may be provided by other aspects of Chinese law, read in conjunction with these Regulations.
Commentators on China’s Internet industry expect that these Regulations will be actively enforced, in part as a result of a string of widely publicised unauthorized disclosures of user information by Internet companies in 2011, and that some industry sectors will have considerable compliance problems. The article concludes with reasons for the significance of these Regulations, and how they compare with international standards. The Regulation is a very significant step for China, even if it would be a very limited one in other countries.
Computer Law | Cyberspace Law | Human Rights Law | Intellectual Property
Date of this Version
Graham Greenleaf, "China’s Internet data privacy Regulations 2012: 80% of a Great Leap Forward?" (April 2012). University of New South Wales Faculty of Law Research Series 2012. Working Paper 13.