Following the Chinese Central TV Station's (CCTV's) broadcast of the 3.15 programme in 2019, the Ministry of Industry and Information Technology decided to crack down on telephone harassment and strengthen the protection of personal information in the telecoms and internet sectors. The CCTV will broadcast 3.15 on 15 March each year in order to reveal company activities which infringe consumer rights and interests.
Although still fairly new, the State Administration for Market Regulation (SAMR) diligently investigated and penalised monopolistic behaviour in 2018, publishing a dozen cases alongside its local enforcement agencies which attracted media attention. Notably, livelihood-related industries (including the pharmaceutical industry) and trade associations appeared to come under the SAMR's spotlight.
The Shanghai Consumer Council recently released the results of its assessment of 39 apps, which aimed to evaluate the level of access that they had to users' personal information. The assessment revealed that 25 apps had been over collecting users' personal information and that only 14 apps had actual service-related reasons justifying their collection of sensitive personal information.
The Shenzhen Municipality Justice Bureau recently issued draft regulations on the administration of public security video and image systems for public comment. The draft regulations aim to protect public privacy and strengthen internet information security and information sharing by prohibiting the installation of video and image recording systems in certain locations which concern public privacy. Individuals and entities which fail to comply with the regulations will be subject to fines.
The National People's Congress recently passed and published revisions to the Anti-unfair Competition Law. The revisions focus primarily on trade secret infringement, as trade secrets are regarded as one of the core competitive advantages in today's business world. The main amendments include widening the definition of 'infringer', increasing penalties for infringement and alleviating the burden of proof for plaintiffs.
The State Administration for Market Regulation recently issued a notification which aims to encourage local market regulatory departments to crack down on false and unlawful online advertising and create a positive market environment for online ads. According to the notification, local market regulatory authorities will investigate and severely penalise unlawful online ads which concern, among other things, politically sensitive, vulgar or socially influential issues.
The refusal of the Chinese antitrust authority to green light the Qualcomm/NXP merger garnered significant attention and shone a spotlight on China's merger review practice, particularly with regard to the chip industry. This article provides an overview of Chinese merger control by examining the major chip industry mergers that the former Ministry of Commerce and the current State Administration for Market Regulation have approved with remedies to date.
A Guangdong province public security bureau recently fined an individual for using virtual private network (VPN) software to evade Chinese internet censorship in accordance with the Interim Provisions of the People's Republic of China governing the International Interconnection of Computer-Based Information Networks. Although the provisions were enacted in 1996, this is reportedly the first time that an individual has been punished for using VPN software to evade internet censorship.
The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation recently announced that they had launched a campaign to stop apps from unlawfully collecting and processing personal data. The announcement sets out the obligations of various parties with regard to the collection and processing of personal data, including app operators, associations, authorities and public security organs.
In 2018 the newly formed State Administration for Market Regulation (SAMR) maintained a rigorous and prudent attitude towards merger control review. There was a significant increase in the number of cases concluded and the efficiency with which they were done so. As regards the cases which were conditionally approved, the SAMR imposed various tailored conditions. In addition, the SAMR investigated more non-filing cases and imposed more penalties on non-filers compared with 2017.
The National Information Security Standardisation Technical Committee recently published the draft Information Security Technology – Personal Information Security Specifications for public comment. Among other amendments, the draft has revised the exceptions regarding authorisation and consent by personal information subjects, introduced rules concerning the merger of personal information and promoted the importance of data protection officers and departments.
China reached a number of Anti-monopoly Law enforcement and development milestones in 2018. For example, the newly established State Administration for Market Regulation completed the consolidation of the country's former government antitrust agencies and amended a number of Anti-monopoly Law regulations. Although this institutional reform took a significant amount of time, public enforcement remained active. In addition, there were a number of private antitrust enforcement developments.
The Cybersecurity Bureau of the Ministry of Industry and Information Technology recently released its checking results for seven inspected telecom enterprises and required them to rectify the loopholes and vulnerabilities of their networks or systems as notified. The inspected telecom enterprises were found to have had a number of major issues, including medium and high-risk loopholes in their business systems and equipment (including their official websites).
The Ministry of Public Security recently released the Guideline for Internet Personal Information Security Protection (Draft for Comment) to solicit public opinions. The guideline requires that personal information holders implement a series of security protection measures. Among others, these include a management mechanism, which involves building firewalls to protect enterprises from criminal risks, and technical measures to ensure that network operations are secure for internet inspection purposes.
The Cyberspace Administration of China recently issued the Administrative Regulations on the Provision of Financial Information Services. Under the regulations, parties must obtain the corresponding permits before they can provide various financial information services. Further, service providers must establish service specifications regarding information content auditing, data retention, information security and personal information and IP protection.
The National Health Commission recently released the Circular regarding Issuing National Health Medical Big Data Standards, Safety and Service Management Measures (For Trial Implementation). The circular provides guidelines regarding the standards and security of Big Data in the healthcare industry, as well as service management measures. As the circular is considered to mark the Cybersecurity Law's implementation in the healthcare industry, most of its security measures are derived from the law.
In one of the Guangdong province's top 10 internet cases of 2017, the court found that Apple IDs constitute personal information which may affect other parties' personal and property safety. As such, the two defendants concerned were convicted of infringing citizens' personal data rights after more than 1,200 pieces of personal information were found on their computers. This decision is believed to have had a demonstrable effect on the handling of similar cases.
The Ministry of Public Security recently released the Provisions on the Supervision and Inspection of Internet Security by Public Security Organs. According to the provisions, public security organs must supervise and inspect internet service providers and network entity users that provide a range of internet-related services. They also list certain powers that public security organs may use when supervising and inspecting internet security on-site.
The National Information Security Standardisation Technical Committee recently held a meeting to commence the pilot work on the Information Security Technology – Guidelines for Critical Information Infrastructure (CII) Security Examination Assessment (For Approval). The pilot work will focus on the reasonability and practicability of the guidelines. Twelve CII operators from the telecoms, internet, transportation, energy, finance, e-government and public services industries have been selected as pilot units.
Blockchain technology is becoming increasingly prominent in Chinese judicial proceedings. However, the government's growing concerns about certain aspects of blockchain have triggered a number of regulatory responses. For example, the Cyberspace Administration of China recently released draft provisions, which are intended to govern all entities that provide blockchain-based information services in China and are the first step towards regulating this technology at the government level.