Database

Browse Database
Restrictions on data

CHINA

Since 2012

Chapter Intermidiary liability  |  Sub-chapter Lack of safe harbor for intermediary liabiity
Decision to Strengthen the Protection of Online Information
Intermediaries are obliged to obtain real identity information when providing internet access services and information publication services.

Furthermore, a regulation requires users of blogs, microblogs, instant-messaging services, online discussion forums, news comment sections and related services to register with their real names and avoid spreading content that challenges national interests.
Coverage Internet intermediaries
Restrictions on data

CHINA

Since June 2011

Chapter Intermidiary liability  |  Sub-chapter Lack of safe harbor for intermediary liabiity
Guiding Framework on the Protection of Copyright for Network Dissemination

Decision of the Standing Committee of the National People’s Congress on Strengthening Online Information Protection

Criminal Code
The Safe Harbor defense for internet intermediaries providing hosting services is spelt out in Articles 14 to 17 and 22 of the guiding framework on protection of copyright for network dissemination. The hosting defense in Article 22 only applies to service providers who host third party materials. Where it is the service provider who puts up the materials for dissemination to the public, it becomes the content provider and is not entitled to the safe harbor defense.

Yet, according to the Chinese criminal code, the founder or directly responsible manager of a website, knowing that any other person is producing, reproducing, publishing, selling or disseminating pornographic electronic information, allows or connives at the person’s publishing such information on the website. Therefore, the founder or directly responsible manager shall be convicted of the crime of disseminating pornographic items for profits.

In May 2014, the Chinese government revoked the Internet business license of Shenzhen QVOD Technology Inc, a Chinese online peer-to-peer video-hosting platform and forced it to shut down all the servers due to copyright infringement and Internet pornography. QVOD was later fined 260 million yuan ($40 million). In January 2016, four executives of QVOD stood trial in Beijing. It was alleged that the company allowed pornographic websites to access its streaming technology and approximately 21,000 pornographic materials have been distributed on three servers run by QVOD. If found guilty, the four executives will each face at least 10-year prison sentence.
Coverage Internet intermediaries
Restrictions on data

CHINA

Since January 2016

Chapter Data policies  |  Sub-chapter Other
Counterterrorism law
According to the Counterterrorism Law, providers of telecommunication, Internet, and financial services, are required to conduct identity checks of their customers or clients and refuse to provide services to those that decline to provide such information. No implementing regualtions have been issued yet.
Coverage Telecomunication sector, internet and financial services companies
Restrictions on data

CHINA

Since January 2016

Chapter Data policies  |  Sub-chapter Other
Counterterrorism law
According to the Counterterrorism Law, telecommunication and Internet services companies must establish content monitoring and network security programs and adopt precautionary security measures to prevent the dissemination of information on extremism, report terrorism information to the authorities in a timely manner, keep original records, and promptly delete such messages to prevent further circulation. No implementing regualtions have been issued yet.
Coverage Internet service providers and telecommunication sector
Restrictions on data

CHINA

Since March 2014

Chapter Data policies  |  Sub-chapter Sanctions for non-compliance
Law of the People's Republic of China on Protection of Consumer Rights and Interests
The Law of the People's Republic of China on Protection of Consumer Rights and Interests introduces administrative sanctions for consumer data breach cases for the first time in China. These include being ordered to rectify the breach, issuing warnings, confiscation of illegal gains, a fine up to ten times any illegal gain (or up to RMB 500,000, approx. 80,000 USD, if none) and, in extreme cases, shutting down and de-registering the business.
Coverage Horizontal
Restrictions on data

CHINA

Since 1993

Chapter Data policies  |  Sub-chapter Administrative requeriments on data privacy
State Security Law
There are two articles in the State Security Law permitting the state security organ to accede, when necessary, to any information or data held by anyone in China. Article 11 stipulates that ‘where state security requires, a state security organ may inspect the electronic communication instruments and appliances and other similar equipment and installations belonging to any organization or individual’ and Article 18 ‘When a State security organ investigates and finds out any circumstances endangering State security and gathers related evidence, citizens and organizations concerned shall faithfully furnish it with relevant information and may not refuse to do so.’
Coverage Horizontal
Source
  • Zhizheng Wang, ‘Systematic Government Access to Private-Sector Data in China’, (2012) 2/4
    International Data Privacy Law 220, http://idpl.oxfordjournals.org/content/2/4/220.full#fn-20
Restrictions on data

CHINA

Since May 2011

Chapter Data policies  |  Sub-chapter Administrative requeriments on data privacy
Notice to Urge Banking Financial Institutions to Protect Personal Financial Information
In case the loss or divulgence of any personal financial data occurs in breach of the banking regulations, the banking financial institution must promptly (within one day) inform the People’s Bank of China.

Telecommunication companies and internet service providers must notify the MIIT of any actual or potential divulgence or loss of or damage to personal data.
Coverage Financial sector
Restrictions on data

CHINA

Since February 2013

Chapter Data policies  |  Sub-chapter Personal rights to data privacy
Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems

Law of the People's Republic of China on Protection of Consumer Rights and Interests
Under the Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems, personal information may be collected only if the user is notified of the following before collection:
- the purpose of collection;
- the means of collection, specific information collected, and time of retention;
- the scope of use of the collected personal information, including the scope of disclosure or provision of personal information to other organizations and institutions;
- measures for protection of personal information;
- the name, address, and contact information of the collectors;
- risks the user may encounter after providing personal information;
- the consequences if the user is not willing to provide personal information;
- the channel that a user should take when filing a complaint; and
- in circumstances where personal information must be transmitted or entrusted to another organization: the purpose for transmission or entrustment; the specific personal information and scope of use of the transmitted or entrusted personal information; and the name, address, and contact information of the recipient of the entrusted personal information.
Coverage Horizontal
Restrictions on data

CHINA

Since September 2000
Since December 2012

Chapter Data policies  |  Sub-chapter Data retention
Regulation on Internet Information Services of the People's Republic of China (互联网信息服务管理办法)

Decision on Strengthening Network Information Protection
The Regulation on Internet Information Services of the People's Republic of China requires that Internet Service Providers (ISPs) keep records of each service user’s time spent online, user account, IP address or domain name, phone number and other information for 60 days and provide that information to the authorized government authorities when required (Art. 14.).

In addition, the Decision on Strengthening Network Information Protection requires ISPs to cooperate with the government and provide technical support upon inquiry from the authorized government authorities (Art. 10).
Coverage Internet Service Providers
Restrictions on data

CHINA

Since February 2013

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems
Article 5.4.5. of the Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems prohibit the transfer of personal data abroad without express consent of the data subject, government permission or explicit regulatory approval "absent express consent of the subject of the personal information, or explicit legal or regulatory permission, or absent the consent of the competent authorities, the administrator of personal information shall not transfer the personal information to any overseas receiver of personal information, including any individuals located overseas or any organizations and institutions registered overseas."

Altought the Guidelines are a voluntary technical document, they might serve as a regulatory basis for judicial authorities and lawmakers.
Coverage Horizontal
Sources
  • Chander, A. and U. Lê (2015), Data Nationalism, Emory Law Review, 64, 677, p. 678-739. Available at http://law.emory.edu/elj/content/volume-64/issue-3/articles/data-nationalism.html.
  • A translation of these Guidelines composed by Dr. George Yijun Tian, in addition to an overview of them, can be found in Graham Greenleaf & George Yijun Tian, China Expands Data Protection through 2013 Guidelines, Privacy L. & Bus. Int’l Rep., Apr. 2013, at 1 (2013), available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2280037
Restrictions on data

CHINA

Since March 2016

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Infrastructure requirement
Strict guidelines for what can be published online and how the publisher should conduct business in China came into force in March 2016. According to the rules, any publisher of online content, including “texts, pictures, maps, games, animations, audios, and videos” will be required to store their “necessary technical equipment, related servers and storage devices” in China.
Coverage Electronic media
Restrictions on data

CHINA

Since January 2016

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Order on the Regulation of Maps
Online maps are required to set up their server inside of the country and must acquire an official certificate.
Coverage Maps services
Restrictions on data

CHINA

Reported in 2012

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Data localisation requirement
China has data residency laws that declare companies can store the data they collect only on servers in country.
Coverage Horizontal
Restrictions on data

CHINA

Reported in 2015

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Local processing requirement
China instituted a licensing system for online taxi companies which requires them to host user data on Chinese servers.
Coverage Taxi sector
Restrictions on data

CHINA

Since May 1989

Chapter Data policies  |  Sub-chapter Restrictions cross-border on data flows
Law of the People's Republic of China on Guarding State Secrets
The transfer abroad of data containing state secrets is prohibited.
Coverage Horizontal
Source
  • Law of the People’s Republic of China on Guarding State Secrets, promulgated by the Standing Committee of the National People's Congress, Sept. 1988, effective May 1989, art. 2. Available at http://www.lawinfochina.com/display.aspx?lib=law&id=1191&CGid=