On January 8, 2021, the Cyberspace Administration of China (“CAC”) issued the Administrative Measures for Internet Information Services (Revised Draft for Comments) (the “Draft for Comment”) for public comments by February 7, 2021.
The Draft for Comment applies to any organization or individual within the territory of the People’s Republic of China providing Internet information services to domestic users by using domestic and foreign network resources.
The Draft for Comment requires that those who engage in Internet information services, which belong to operating the business of telecommunications, shall obtain the business license from the competent department of telecommunications; those who do not belong to operating the business of telecommunications shall undertake the filing-for-record formalities with the competent department of telecommunications. Those who have not obtained the business license of telecommunication business or have not completed the filing-for-record formalities shall not engage in Internet information services.
The Draft for Comment requires that Internet information service providers, Internet network access service providers and their staff shall adopt technical measures and other necessary measures to protect the identity information and log information collected and used from leakage, damage and loss.
MOFCOM issued the Rules on Counteracting Unjustified Extra-Territorial Application of Foreign Legislation and Other Measures
On January 9, 2021, the Rules on Counteracting Unjustified Extra-Territorial Application of Foreign Legislation and Other Measures (“Rules”), are hereby promulgated by Ministry of Commerce of the People’s Republic of China (“MOFCOM”) and shall be effective as of the date of the promulgation.
These Rules apply to situations where the extra-territorial application of foreign legislation and other measures, in violation of international law and the basic principles of international relations, unjustifiably prohibits or restricts the citizens, legal persons or other organizations of China from engaging in normal economic, trade and related activities with a third State (or region) or its citizens, legal persons or other organizations.
These Rules require that where a citizen, legal person or other organization of China is prohibited or restricted by foreign legislation and other measures from engaging in normal economic, trade and related activities with a third State (or region) or its citizens, legal persons or other organizations, he/it shall truthfully report such matters to the competent department of commerce of the State Council within 30 days.
These Rules require that the State shall establish a working mechanism composed of relevant central departments (“Working Mechanism”), to take charge of counteracting unjustified extra-territorial application of foreign legislation and other measures. Where the Working Mechanism, upon assessment, confirms that there exists unjustified extra-territorial application of foreign legislation and other measures, it may decide that the competent department of commerce of the State Council shall issue a prohibition order to the effect that, the relevant foreign legislation and other measures are not accepted, executed, or observed (“prohibition order”). The prohibition order may be suspended or withdrawn by decision of the Working Mechanism based on actual circumstances.
A citizen, legal person or other organization of China may apply to the competent department of commerce of the State Council for exemption from compliance with a prohibition order. Meanwhile, these Rules follow that where a person complies with the foreign legislation and other measures within the scope of a prohibition order, and thus infringes upon the legitimate rights and interests of a citizen, legal person or other organization of China, the latter may, in accordance with law, institute legal proceedings in a people’s court, and claim for compensation by the person.
On January 11, 2021, the People’s Bank of China (“PBOC”) issued the Administrative Measures for Credit Reporting Business (Draft for Comment) (the “Draft for Comment”) for public comments by February 10, 2021.
On credit information collection, the Draft for Comment stipulates that credit agencies should:
- follow the principle of “minimum and necessary” and credit information collection should not be excessive;
- examine the business legitimacy, information source, information quality, information security and authorization of information subject of the information provider to ensure the legality, accuracy and sustainability of credit information collection;
- clarify with the information provider their respective rights and obligations in data correction, objection of handling, information security, etc.; and
- obtain the information subject’s consent, and inform the information subject clearly of the purpose, source and scope of credit information collection, as well as the possible adverse consequences of not agreeing to the information collection.
On January 13, 2021, the Ministry of Industry and Information Technology (“MIIT”) issued the Circular on Launching the Pilot Program on Classified and Graded Management of Cybersecurity of Industrial Internet Enterprises (the “Circular”).
The Circular provides that, in light of the actual development of the industrial Internet in various regions, and by taking into full consideration the willingness of various regions to participate in the program, 15 provinces (autonomous regions and municipalities directly under the Central Government) including Tianjin, Jilin, Shanghai, Jiangsu, Zhejiang, Anhui, Fujian, Shandong, Henan, Hunan, Guangdong, Guangxi, Chongqing, Sichuan, Xinjiang are initially scheduled to launch the pilot program.
The Circular requires that, through the pilot program:
- the rationality, effectiveness and operability of rules, standards and procedures of classification and grading for cybersecurity of industrial Internet enterprises, and security-series protection specifications for industrial Internet shall be perfected, and the construction of a classified and graded management system for cybersecurity of industrial Internet enterprises shall be accelerated;
- the main responsibility of the cybersecurity of pilot enterprises shall be performed, to form a reproducible and popularized classified and graded management model of cybersecurity of industrial Internet enterprises; and
- a batch of typical solutions for cybersecurity of industrial Internet shall be summarized, a batch of excellent demonstration enterprises shall be selected, and a batch of professional service organizations shall be cultivated.
SPP issued the Provisions on the Handling of Cybercrime Cases by the People’s Procuratorates
On January 25, 2021, the Supreme People’s Procuratorate (“SPP”) issued the Provisions on the Handling of Cybercrime Cases by the People’s Procuratorates (the “Provisions”) for implementation as of the date of issuance.
The Provisions has a total of 65 articles in seven chapters, including general provisions, guided collection of evidence and case review, review of electronic data, and attendance in court in support of public prosecutions.
The Provisions require that the people’s procuratorate should strengthen the punishment in handling cybercrime cases in whole and pay attention to examining and discovering the clues of upstream and downstream related crimes. For a suspected crime, if the public security organ does not put it on file for investigation and should apply for approval of arrest but does not apply for approval of arrest, or if the case should be transferred for prosecution but does not be transferred for prosecution, supervision shall be carried out according to law.
If you would like to receive our legal update via email, please contact firstname.lastname@example.org.
For more information, please contact:
Samuel Yang | Partner
AnJie Law Firm
P: +86 10 8567 2968
M: +86 1391 0677 369
Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.
Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.
Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.
Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.