hldataprotection.com informs that China’s privacy law went into effect on 15 March.
It is called “Several Provisions on Regulation of the Order of Internet Information Service Market” and it only envisages data processing by Internet Providers.
“The new regulation is the first national level of regulation that provides a definition of “user personal information” and that contains specific obligations and liabilities of IISPs to protect user personal information. Specifically:
- Definition of “User Personal Information”: Under the new regulation, “user personal information” is defined as the information relevant to the users that can ascertain the identity of the users independently or in combination with other information.
- Obligations and Liabilities of IISPs: IISPs are prohibited from (a) collecting user personal information or providing user personal information to third parties without the user’s consent; and (b) collecting information that is not necessary to provide their services, or using user personal information for any purpose other than providing those services.
- Additional Obligations: The new regulation requires IISPs to expressly inform the user of the method, content and purpose for collecting and processing personal information after consent for collection has been provided by the user. In addition, IISPs are required to properly safeguard personal information of users and take remedial measures to mitigate any harm resulting from actual or potential disclosure of the person information kept by IISPs. In the event of disclosure with potentially serious repercussions, IISPs must immediately report the event to the competent telecommunication authority and cooperate in any investigation conducted by the authority.
- Penalties for Non-Compliance: The new regulation sets out penalties against non-compliance, including an official warning and possible concurrent fine of more than RMB 10, 000 but less than RMB 30, 000, and providing an announcement to the public.”
Read the whole story HERE.