Chinese regulations are constantly developing and news emerges on these changes on a regular basis. Since the start of 2015, Chinese regulators have paid particular attention to data privacy and security issues, which have informed new laws and nationwide regulations.
This is imperative as there have been a number of potential data breaches and security leaks in recent months, which have concerned the Chinese government.
Below, we summarise the main events in China’s data security development calendar from the last 18 months:
January 2015 – Clarification of Consumer Data Use
The State Administration of Industry and Commerce (SAIC) released plans to implement the Consumer Rights Protection Law (CRPL) on January 5th 2015. This focused on the misuse of personal information, protocol for protecting consumer data and the penalties for exposure.
‘Personal information of consumers’ was defined and the measures were introduced on March 15th 2015.
February 2015 – Personal Information Protection Legislation Announced
In February 2015, the Cyberspace Administration of China (CAC) declared that new legislation would be put in place to monitor the improper collection, use and sale of personal information.
May 2015 – Restrictions Placed on Advertisers for Disclosing Contact Information
On May 19th 2015, the Ministry of Industry and Information Technology (MIIT) published its planed governance of SMS marketing. It stated companies must comply with requests from consumers not to contact them, to disclose their details to third parties, and for consumers to refrain from future marketing.
These regulations came into place in June 2015.
July 2015 – China’s National Security Law Put in Place
On July 1st 2015, the Standing Committee of the National People’s Congress (NPC) passed the National Security Law, which would improve safety provisions across a number of issues. The legislation covers everything from politics to the military, the economy and of course, data protection.
Article 77 states that citizens and corporations should “timely report information on activities that may damage national security”, “provide (to the authorities) accurate evidence on activities that may damage national security”, “protect national secrets” and “provide necessary support and assistance to national security, public security, and relevant military agencies.”
The same month the NPC released a draft of the Network Security Law - rulings that would apply to any individual or entity that builds, operates or maintains Chinese networks. Many of the regulations mirror previous legislation, but new features focus on the notification of data breach cases, data localisation and security assessments of file sharing in China, as well as a more in-depth definition of ‘personal information’.
December 2015 – Counter-Terrorism Law Caused Confusion Over Data Protection
On December 27th, the NPC enacted the Counter-Terrorism Law which soon saw major companies pondering what this meant for corporate data protection and security policies.
New requirements of the law rule that companies must hand over access and decryption keys to the authorities if requested, as well as set up and maintain monitoring and network security processes.
December 2015 – PBOC Published the NBPI Measures
The following day the People’s Bank of China (PBOC) published the Administrative Measures for Online Payment Business of Non-Bank Payment Institutions (NBPI measures).
A supplement to changes implemented in September 2010, these measures look at online payments. This is of particular interest due to the risks associated with collecting and storing sensitive information. This new law makes sure that risk control systems are put in place with passwords and verification codes. It also states certain bank card details must not be kept unless completely necessary.
March 2016 – MIIT Published
In March, China’s Ministry of Industry and Information Technology (MIIT) proposed new rules to govern internet domain names. These recommended further scrutiny and more perverse censorship of certain sites, something that has caused much worry for domains hosted outside of China.
The Future of File Sharing China
For the latest news and developments from China, read our monthly update series. Find it here.
If you’re interested in file sharing with China, learn more about our hosted FTP data transfer platform and start your free trial here.