The consultation period for the Information Security Technology – Security Requirements for the Supply Chain of Information Technology Products (Draft for Comment) recently ended. The requirements, as a recommended national standard, will apply to the security management activities of the IT product supply chain for government information systems and critical information infrastructure. They will also provide a reference for the supply chain security management activities of other information systems.
The Secretariat of National Information Security Standardisation Technical Committee recently released the Practical Guide to Cybersecurity Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information to guide app operators to carry out self-assessments. The guidelines provide 28 self-assessment items.
In order to effectively strengthen the protection of users' personal information, the Ministry of Industry and Information Technology issued the Notice on Carrying out the Special Campaign to Promote Governance on Apps that Infringe Upon Users' Rights and Interests, requiring that a national app testing platform management system be launched before the end of August 2020. The testing platform management system is expected to complete testing for 400,000 mainstream apps before 10 December 2020.
The Supreme People's Court and the National Development and Reform Commission recently issued the Opinions on Providing Judicial Services and Supports to Accelerate the Improvement of the Socialist Market Economy System in the New Era. Among other things, the opinions emphasise that the state should strengthen the protection of data rights and personal information security.
The Ministry of Industry and Information Technology (MIIT) recently instructed third-party testing agencies to examine certain mobile apps and issued the Second and Third Batches of Apps that Infringe Upon Users' Rights and Interests, requiring operators of said apps to make rectifications. Numerous apps did not complete their rectifications before the designated timelines. As a result, the MIIT may impose fines.
China Central Television's 3.15 programme recently exposed that third-party software development kit plug-ins for mobile phones were collecting and using users' personal information. In response, the Ministry of Industry and Information Technology immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.
The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
Foreign insurers cannot directly sell insurance products in China unless they have successfully established a joint venture or wholly foreign-owned enterprise (WFOE) insurer in mainland China. In light of Shenzhen's recent pilots and reforms, it is now the most favourable destination for foreign insurers seeking to establish a WFOE in mainland China.
The Anhui Province government recently issued the Regulations on the Development and Application of Big Data in Anhui Province for public opinion. The draft regulations encourage enterprises, universities, scientific research institutions and other organisations and individuals to engage in the research and development of Big Data technology and give full play to the economic value and social benefits of data resources.
The Anti-monopoly Bureau of the State Administration for Market Regulation recently published the Guidelines on Leniency for Horizontal Monopoly Agreements. The guidelines propose a relatively reliable leniency system under the Anti-monopoly Law, which is of great significance for improving the effectiveness of antitrust enforcement, while providing a valuable source of guidance for Chinese market players to follow.
China's antitrust agency's greatest competition concerns in the automobile sector relate to vertical restraints. Possibly underscoring this concern, the newly published Antitrust Guidelines on the Automobile Industry placed its main focus on clarifying issues arising therefrom. To help companies in the automobile industry better make their own assessments on antitrust compliance in China, this article explains the antitrust rules relating to vertical restraints provided in the guidelines and analyses their implications.
The Central Committee of the Communist Party of China and the State Council have jointly issued the Master Plan for the Construction of the Hainan Free Trade Port. According to the plan, the aim is for the port to be completed and operational as a globally influential duty-free trading centre by 2050. Among other things, the port is expected to open up value-added telecoms services and gradually remove restrictions on the percentage of enterprises' shareholdings which can be held by foreign investors.
In May 2020 the National People's Congress passed the Civil Code, which will take effect on 1 January 2021. The Civil Code includes special provisions on the protection of privacy and personal information and provides that personal information pertaining to natural persons should be protected as a fundamental civil right. The processing of personal information should adhere to the principles of lawfulness, legitimacy and necessity, and excessive and unreasonable processing is prohibited.
While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it applies these laws more broadly and makes it easier for individuals to take civil action in relation to breaches. As such, privacy and personal information protection laws are likely to be enforced more often and more broadly in China from 2021 onwards. Companies that process personal information in China should ensure that their existing privacy practices comply with the new Civil Code.
Despite the tortuous path ahead for the US election campaigns and the trials and tribulations of 2020, the US-China Phase One Trade Deal remains in place. As China begins to further open its financial market, foreign insurance institutions (FIIs) may be wondering whether non-US FIIs have any chance of benefiting from China's treatment of US insurers. If only US insurers benefit, would that be a Global Agreement on Trade in Services (GATS) violation or would it be GATS compliant?
The App Special Governance Panel recently issued the 2019 Special Governance Report on Apps for Illegal Collection and Use of Personal Information, summarising governance efforts from January 2019. According to the report, illegal collection and use activities by apps will be cracked down on and enterprises' capacity to protect personal information will be greatly improved. Further, knowledge of personal information protection by apps should be extensively available.
According to the Notice of the People's Bank of China on Issuing Financial Industry Standards on Strengthening the Security Management of Mobile Financial Client Application Software, the National Internet Finance Association of China has organised a real-name filing for mobile financial apps. There are 73 apps in the first batch to be filed with the association.
The rapid spread of the COVID-19 pandemic has affected business operations worldwide. For many companies, business interruption (BI) as a result of the pandemic is one of the greatest operational risks of 2020. Although many companies are insured against BI, their coverage may not extend as far as they believe. For example, compensation under a BI policy is often based on the condition that damage to property has occurred. This article sheds some light on this rule.
The Ministry of Industry and Information Technology (MIIT) recently established third-party testing institutions to monitor mobile apps and ordered app operators found to have infringed users' rights and interests to rectify this problem. The MIIT subsequently found that 16 app operators had failed to meet the rectification requirements and ordered them to comply with its request.