Recently the revised version of the Administrative Measures for the Licensing of Telecommunication Business Operation (Draft) (“the Draft”) was published by the Ministry of Industry and Information Technology (“MIIT”) for public comments.

Article 3 is new in the Draft, which provides that China will establish an integrated management platform for the telecommunication industry, to promote the online license application, approval and management, and the publication, inquiry and sharing of related information.

The Draft added a new provision in Article 5 and 6, providing that to apply for telecommunication business license “the company and its main management personnel are not on the List of Dishonest Telecommunication Business" (“the List”), which aims to strengthen the binding effect and guiding function of the industry credit mechanism encouraging business operators to be honest and value credibility. In accordance with this provision, companies will not be allowed to apply for telecommunication business license if it is on the List.

The Draft made significant modification to Article 36 and 37, which have replaced the Annual Inspection System by the Annual Report and Publication System. In the first quarter of each year, the telecommunication business operators shall report to the authority their whole-year operation performance, special matters, and how their network and information security mechanism was executed in the previous year.

Recently the Office of State Commercial Cryptography Administration (OSCCA) released the Cryptography Law of the People’s Republic of China (Draft for Public Comments) (“the Draft”). Highlights of the Draft are as follows:

  • Article 11 sets forth that commercial encryption products that are sold or used in business activities, as well as the provision of commercial encryption services are subject to approval of competent authority in accordance with relevant catalogues.
  • Article 12 provides that Critical information infrastructure shall be protected by the use of encryption according to the provisions of laws and regulations as well as the mandatory requirements of encryption-related national standards.
  • Article 15 provides that the government will strengthen the encryption security system, improve the encryption security management regulations, and consolidate the encryption security protection capabilities.
  • Article 17 provides that the government will fortify the encryption monitoring and authentication systems, and will work out encryption monitoring and authentication rules. Article 18 provides that the government will conduct categorized and hierarchical evaluation of the encryption security in critical information infrastructure.
  • Article 22 provides for government support to scientific and technological research on encryption, academic exchanges and the development of the encryption industry. The government will provide legal protection to encryption intellectual property rights to stimulate innovation of encryption technology.
  • Article 23, 24, 25, and 26 provide for regulations on the encryption industry from the perspective of standardization system, awards for encryption technology, development of encryption talent teams and encryption education and popularization.

 In the Draft Fourth Amendments to the Chinese Patent Law released for public comment in end of 2015, SIPO proposes in Art. 2(4) that China should allow partial design to be patentable, which expands the scope of design patent from merely design of a product to partial design of a product. And according to the State Council’s 2017 Legislative Work Plan, revising the Draft Fourth Amendments to the Patent Law is a project to be completed within the year.

It came to our attention that an unofficial survey (at https://sojump.com/m/13469141.aspx?from=singlemessage&isappinstalled=0) was released on April 18, 2017 seeking opinions from private sector regarding protection of partial design and patent evaluation report. This survey is trying to see how introducing partial design to China will affect private businesses in protecting their micro innovation, and whether scope of eligible applicant and timing for applying for patent evaluation report should be changed from private perspective.

We will monitor the development closely and once the Fourth Amendments to the Patent Law is passed, we will be expecting more detailed rules regarding application requirements and scope of protection for partial design in implementation rules and examination guidelines.

China Academy of Information and Communications Technology (CAICT) and China Communications Standardization Association (CCSA) held 2017 Big Data Industry Summit on March 28 and 29 instructed by the Ministry of Industry and Information Technology of PRC.

During the summit experts reported on big data sharing, open and protection and other issues. “Big Data Industry Development Plan (2016-2020)” was expounded by the summit. Meanwhile, CAICT announced the results of data flow testing, trusted application store evaluation, big data product evaluation. China Telecom Co., Ltd. cloud computing branch (中国电信股份有限公司云计算分公司) and other six companies become the first batch companies which have passed the data flow testing. Other six companies’ products such as “360 mobile assistant “were awarded a trusted application store certificate.

Here are some highlights conveyed in the summit:

  1. Big data industry in China is currently based on the Cyber Security Law for the management requirements. There are no specific regulatory guidelines at present.
  2. CAICT has proposed a cross-border data flow assessment policy, covering elements such as size of the data, type of data, legal protection level in the receiving countries, and bilateral relations with such receiving countries.
  3. Data for key industries can be regularly assessed by the government to determine whether cross-border or conditional cross-border transfer is allowed.
  4. The principle of authorization includes the user’s direct consent or indirect consent, and it is recommended that different assignments be classified and the authorization process should be clearly defined.
  5. It is recommended to provide clearer guidance in order to achieve the true data desensitization through a standard for data output patterns and data desensitization requirements. It is advisable to have an ex post supervision (instead of a pre-approval system) or third party evaluations and improve the corresponding standard mechanism. Meanwhile, it is recommended that there should be a corresponding emergency mechanism and a reasonable risk compensation mechanism.

 

China’s NPC passed the General Provisions of the Civil Code on March. Highlights are as follows:

  • Article on personal information protection: There is a new article in the draft which provides legal protection on personal information stating that any organization or individual shall ensure that the collection of personal information should be in accordance with the law, and the personal information shall not be used, processed or transmitted, sold, offered or disclosed illegally. Violators should bear the compensation for losses and other civil liabilities.
  • An official recognition of privacy in the civil code again shows the emphasis on legislature in this area. This will build some foundation for private companies to use civil lawsuits to protect their privacy. Corporations need to be more vigilant about legal risks of personal information disclosure and related controversies, including in trading with third-party companies. In the Sina vs Maimai(脉脉) lawsuit, the Beijing Intellectual Property Court made a final verdict that Maimai should compensate Sina for obtaining Sina users’ personal information without Sina’s authorization. Sina was not sued by any of its users, but there remains such legal risk.

The 6th Interdepartmental Ministerial Meeting on Promoting the Use of Copyrighted Software was held at the end of February. The routine annual meeting summarized the achievements in 2016 and passed the 2017 work plan. It was stated at the meeting that basically all central SOEs, medium and large financial institutions, press and publishing companies are using copyrighted software, which is gradually entering more private companies. However, it is a widely-known fact that the government copyrighted software initiatives at the current stage only cover OS, antivirus and OA software. There is still a long way to go to comprehensively popularize copyrighted software nationwide.

A highlight of the meeting which is worth mentioning is the call for integrating the efforts in promoting copyrighted software with information safety. As the latter in practice has been easily interpreted as an encouragement to Chinese indigenous products, it would naturally bring challenges to BSA members.

In his Government Work Report presented at the NPC in early March, Premier Li Keqiang stated that China is to initiate a comprehensive intellectual property administrative reform pilot to improve the existing mechanism for IP creation, protection and usage.

A guideline proposing IP administrative reform was released by the State Council in January this year. According to the guideline, a one-year pilot reform of IP rights protection will be carried out in regions jointly selected by the State Intellectual Property Office (SIPO), the State Administration for Industry and Commerce (SAIC) and the National Copyright Administration (NCA).

Under the current system, multiple government departments including SIPO, SAIC and NCA are involved in IP regulation, while at the local law enforcement level the responsibilities are also dispersed in different local agencies. Such mechanism has been proved inefficient and not strong enough to protect IP rights. To address this problem, the guideline introduces an integrated enforcement mechanism under the pilot program.

The new measure shows greater importance attached by the Chinese government to consumer protection, which is a good news to the business operation of name brands.

Recently, SAIC issued a new Opinion to push forward “12315”(the consumer complaint and enquiry hotline) related actions in order to further protect consumers’ rights and interests, with the key measures listed as below:

  • Improve the telephone and web platform of the hotline;
  • Effectively analyze and use the data collected through the hotline in market regulation and in the policy making process;
  • Extend the coverage of the hotline to third party E-Commerce platforms and TV shopping, etc.;
  • Encourage the establishment of an efficient consumer complaint settlement mechanism featuring “advance compensation payment” by business operators like e-commerce platforms, TV shopping channels, and big shopping malls.

Read the text
 

 

Before handing over power-of-attorney to third party brand protection agencies, brand owners need to carry out effective due diligence. It is also worthwhile for them to guard against the tendency of weakening IPR protection by Alibaba and other platforms at the excuse of “malicious” complaints.

In early February, Alibaba announced that it would no longer process IP violation complaints from an IP agency called Hangzhou Wangwei Technology. According to Alibaba, Wangwei has filed thousands of complaints, of which more than 60% since 2015 have ended up being withdrawn after counter-appeals from merchants.

The blocking of Hangzhou Wangwei is part of a wider campaign of Alibaba against the so-called malicious complaints. Alibaba has accused several IP agencies for filing false accusations about the sale of fake goods and intellectual property violations on its online shopping platform, calling for merchants to boycott those agencies. Alibaba claims that 24% of all complaints it receives are deemed “malicious” and “a drain on the group’s efforts to stamp out counterfeits”.

Although these warnings are not aimed at brand owners, which shall not be regarded as a setback in Alibaba’s IPR protection efforts, the action against the “malicious’ agencies may divert the attention of the platforms from IPR protection.

Read the text

 

As the first implementing rules for the Cybersecurity Law, the Draft Measures define the framework for the Chinese cybersecurity review system, which may impose significant influence on entities’ digital assets and future IT solutions. Related entities are suggested to closely monitor its development.

On Saturday, February 4, the Cybersecurity Administration of China (CAC, also translated as China Internet Information Office) released the Security Review Measures for Network Products and Services (Draft) (“Draft Security Review Measures”). Please see attached the courtesy translation by AnJie and the CAC website (http://www.cac.gov.cn/2017-02/04/c_1120407082.htm). Public comments are due March 4, 2017.

Preliminary Analysis:

The Draft Security Review Measures appear to implement elements of the National Security Law and Cybersecurity Law. The 16 articles address some of the most challenging concepts and issues in the cybersecurity review mechanism stipulated in the Cybersecurity Law.

Highlights include:

1. The purpose of the Draft Security Review Measures is to enhance “securable and controllable level of the network products and services”, ensure the safety of the supply chain and implement the National Security Law and Cybersecurity Law. (Art. 1)

2. Art. 2 and Art. 11 deal with the scope of application. Art. 2 generally stipulates that “important” network products and services concerning the “national security and public interest” should be subject to security review. Art. 11 further specifies that the network products and services purchased by Critical Information Infrastructure (CII) operators should go through security review as long as “it may impact national security.” (Art. 2, 11)

Comment: Art. 35 of Cybersecurity Law only requires security review for CII related products and services. However, Art. 59 of the National Security Law requires security review for “foreign investment…that affect or may affect national security, construction projects that involve national security matters, and other major matters and activities to effectively prevent and resolve national security risks.”

There may be a legal question as to whether the Draft Security Review Measures are effectively expanding the scope of the security review beyond the law.

3. The security review is to focus on four kinds of risks endangering “security and controllability,” including (1) instability, (2) threat to supply chain integrity, (3) illegal data retention, and (4) abuse of user dependency (the risk that providers may conduct unfair competition and harm users “by taking advantage of dependency of the users”). (Art. 4)

Comment: Some of these “risks” may exceed the scope of cybersecurity.

4. The CAC will align with other government departments to establish a Network Security Review Office and engage experts. Third parties certified by the CAC will undertake particular reviews. (Art. 5, 6, 7, 8, 12, 13)

Comment: This may raise concerns regarding the competency and neutrality of third parties conducting security review activities.

5. The finance, telecom, and energy sector regulators will conduct security reviews separately, while security reviews in other sectors are to be organized by CAC. (Art. 9)

6. The party and government agencies, as well as “key industries” should place a priority on procuring network products and services which have passed security review and should not procure products and services that have failed to pass security review. (Art. 10)

Comment: The scope of “key industries” is unclear.

7. The Network Security Review Office will have the authority to issue a security evaluation report on the security level of relevant providers on an ad hoc basis. (Art. 14)

Comment: It may be worth considering whether such reports may expose providers’ trade secrets or other legitimate interests.