The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
The Anhui Province government recently issued the Regulations on the Development and Application of Big Data in Anhui Province for public opinion. The draft regulations encourage enterprises, universities, scientific research institutions and other organisations and individuals to engage in the research and development of Big Data technology and give full play to the economic value and social benefits of data resources.
The Central Committee of the Communist Party of China and the State Council have jointly issued the Master Plan for the Construction of the Hainan Free Trade Port. According to the plan, the aim is for the port to be completed and operational as a globally influential duty-free trading centre by 2050. Among other things, the port is expected to open up value-added telecoms services and gradually remove restrictions on the percentage of enterprises' shareholdings which can be held by foreign investors.
In May 2020 the National People's Congress passed the Civil Code, which will take effect on 1 January 2021. The Civil Code includes special provisions on the protection of privacy and personal information and provides that personal information pertaining to natural persons should be protected as a fundamental civil right. The processing of personal information should adhere to the principles of lawfulness, legitimacy and necessity, and excessive and unreasonable processing is prohibited.
While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it applies these laws more broadly and makes it easier for individuals to take civil action in relation to breaches. As such, privacy and personal information protection laws are likely to be enforced more often and more broadly in China from 2021 onwards. Companies that process personal information in China should ensure that their existing privacy practices comply with the new Civil Code.
The App Special Governance Panel recently issued the 2019 Special Governance Report on Apps for Illegal Collection and Use of Personal Information, summarising governance efforts from January 2019. According to the report, illegal collection and use activities by apps will be cracked down on and enterprises' capacity to protect personal information will be greatly improved. Further, knowledge of personal information protection by apps should be extensively available.
According to the Notice of the People's Bank of China on Issuing Financial Industry Standards on Strengthening the Security Management of Mobile Financial Client Application Software, the National Internet Finance Association of China has organised a real-name filing for mobile financial apps. There are 73 apps in the first batch to be filed with the association.
The Ministry of Industry and Information Technology (MIIT) recently established third-party testing institutions to monitor mobile apps and ordered app operators found to have infringed users' rights and interests to rectify this problem. The MIIT subsequently found that 16 app operators had failed to meet the rectification requirements and ordered them to comply with its request.
In the first quarter of 2020, the Network Security Department of the national public security organs reportedly developed its functions, strengthened the protection of citizens' personal information and investigated and dealt with 386 illegal apps for collecting citizens' personal information in accordance with the law. This article provides a brief summary of the department's activities.
To further regulate the dissemination of information online and protect the public interest, the Cyberspace Administration of China (CAC) recently launched a nationwide clean up the Internet campaign lasting for eight months from May 2020. According to the CAC, the campaign comprehensively covers various online communication channels and platforms and aims to remove illegal and harmful information from the Internet.
The State Administration for Market Regulation and the National Information Security Standardisation Technical Committee recently released the Information Security Technology Classification Guide for the Classified Protection of Cybersecurity to provide methods and procedures for the classification and protection of information systems and other protection targets which do not involve state secrets (collectively known as 'targets of classified protection').
The Tianjin Cyberspace Administration recently issued a circular which requires the operators of apps (including mini-programs and website tools) for the prevention and control of COVID-19 to fulfil personal information obligations in accordance with the law, provide relevant information on personal information protection online and carry out security-based self-assessments and rectification processes, where required.
The Network Security Administration of the Ministry of Industry and Information Technology (MIIT) recently interviewed the party responsible for the Sina Weblog App regarding a data breach caused by malicious use of the user query interface. Sina Weblog replied that it has upgraded its interface security strategy and will perform its data protection obligations according to MIIT's instructions.
The National Information Security Standardisation Technical Committee recently released the Network Security Standard Practice Guidelines – Guidelines for Personal Information Security Protection by Apps for public consultation. Based on the statistics released by certain assessment tools and the typical issues which have come to light due to the COVID-19 pandemic, the guidelines summarise 10 activities which app operators should avoid.
In order to protect personal information during the prevention and control phases of the COVID-19 pandemic, the Office of the Central Cyberspace Affairs Commission issued the Circular on Ensuring Effective Personal Information Protection and Utilisation of Big Data to Support Joint Efforts for Epidemic Prevention and Control. This article examines the circular's main requirements.
The National Financial Standardisation Technical Commission recently issued the Personal Financial Information Protection Technical Specification to regulate the secure management of personal financial information. Based on the damaging effects of unauthorised access to or the modification of such information, institutions without the corresponding financial qualification are not authorised to collect certain types of personal financial information.
The Ministry of Industry and Information Technology recently released the Guidelines on Classification and Grading of Industrial Data (On Trial) to guide industry and IT administrations, industrial enterprises and industrial internet platform enterprises in carrying out the classification and grading of industrial data. According to the guidelines, 'industrial data' refers to data generated and applied throughout the lifecycle of products and services in the industrial sector.
The State Administration for Market Regulation and the Standardisation Administration recently released a national standard circular to announce that the Information Security Technology – Personal Information Security Specification (Specification 2020) and seven additional national standards have been issued and will take effect on 1 October 2020. Specification 2020 was revised based on the Information Security Technology – Personal Information Security Specification which came into effect in 2018.
The novel coronavirus pneumonia has been classified as a Class B infectious disease under the Law on the Prevention and Treatment of Infectious Diseases and preventive and control measures for Class A infectious diseases have been taken. To cooperate with the state epidemic control measures and protect employees' health, employers must provide outbreak-related information on their employees, resulting in some special legal issues regarding personal information protection.