China Releases Draft Regulations, Strengthening Consumer Privacy.

8 December, 2016

On August 5, 2016, the State Administration of Industry and Commerce (SAIC) in China released for public comments draft Implementing Regulations for the Consumer Rights Protection Law (“Draft Regulations”) which include specific provisions on data privacy. With respect to data privacy, the Draft Regulations largely reiterate and reinforce the existing rules under the 2013 Consumer Rights Protection Law (“2013 CRPL”) (see our November 12, 2013, blog post) but with certain additional details and clarifications, as well as certain new requirements.

The Draft Regulations reiterate that consumer business operators must: obtain the consent of consumers when collecting personal information and notify consumers of the purpose, means, and proposed use of such personal information; keep consumers’ personal information confidential and not transfer, sell, or illegally disclose the same without consent; and adopt appropriate technical and other measures to ensure security and take immediate remedial action in the event of any unauthorized disclosure, theft, or loss of information.

The Draft Regulations include new and complementary information and requirements. For example, business operators may only collect personal information which is relevant to their business operations; must retain for at least five years evidence that a consumer has been duly notified and given consent regarding the collection of personal information; and are prohibited from doing commercial marketing through electronic messages or telemarketing calls unless the consumer has consented to this. The scope of what is treated as “personal information” of consumers is also expanded to expressly include biometric data.

There is one important and clear new exception in that business operators may transfer personal information

without consent if such information has been irreversibly processed and desensitized so that it is impossible to identify the specific individual consumer.

TIP: The Draft Regulations have not yet been finally approved and issued. There could be further changes, although the current draft fits neatly with the 2013 CRPL and seems to emphasize the drive for more detailed and unified laws relating to data privacy in China, especially in the consumer space. Penalties for non-compliance are significant, especially by China standards. Foreign businesses operating in China should ensure that they are meeting the current requirements and aware of any further changes in both law and practice.

For further information, please contact:

Matthew Durham, Partner, Winston & Strawn

matthew.durham@winston.com

China Releases Draft Regulations, Strengthening Consumer Privacy.

UK – Non-Party Access To Court Documents: Court Of Appeal Interprets Leading Supreme Court Authority.

Philippines – Employee Data Retention Period.

- Nilo T. Divina - DivinaLaw,

Philippines – Squeezing Out Repairs.

- Nilo T. Divina - DivinaLaw,

Philippines – NPC Guidelines On Personal Data Processing In Court.

- Nilo T. Divina - DivinaLaw,

Hong Kong – The Advance Decision On Life-Sustaining Treatment Bill.

India – Decoding Supreme Court’s Landmark Decision On ‘Seat’ Vs. ‘Venue’ In Arbitration.

India – Timeline To Follow Under Section 9(2) Of The Arbitration And Conciliation Act 1996.

India – CCPA Schools Coaching Centres On Misleading Advertisements.

India – Karnataka High Court Rules Cab-Aggregator Drivers Are Employees Under Posh Act: Broader Implications For Gig Workers In India.

Thailand – Thai SEC Proposes Changes To Takeover Rules.

CONVENTUS LAW

OTHERS

China Releases Draft Regulations, Strengthening Consumer Privacy.

Register for your monthly Asia legal updates from Conventus Law

- Manisha Singh - Lex Orbis,

Footer

CONVENTUS LAW

OTHERS