MIIT promulgates regulations on data protection for telephone, telecommunications and Internet services.

Posted on

On 16 July, the Ministry of Industry and Information Technology (MIIT) promulgated two new regulations: the Telecommunications and Internet Personal User Data Protection Regulations and the Telephone User Real Identity Information Registration Regulations. These measures had been made available for public consultation in April (see: telecommunications, telephone).

On the telecommunications side, the draft has not been significantly altered in most respects. The majority of changes are language clarifications and do not impose new entitlements or obligations. The following points, however, are noteworthy.

  • In Article 9, the obligation of telecommunications businesses (TBs) and Internet service providers (ISPs) to notify users about the duration of information preservation is removed.
  • The same Article obliges TBs and ISPs to cease collection and use of personal data after the termination of services, and must provide means to close accounts to users.
  • In Article 13(5), the obligation to conduct regular security risk assessments is replaced by the obligation to adopt anti-hacking, anti-virus and other measures.
  • In Article 14, the role of administrative offices in dealing with information leaks or damage is expanded. This Article institutes a provision whereby provincial administrative departments must report grave instances to MIIT, and may demand TBs and ISPs to take preliminary measures before administrative procedures are completed.
  • In Article 16, the duty of TBs and ISPs to self-inspect data protection measures is specified, it must take place one annually.
  • The administrative punishment of making the unlawful activities of enterprises public is added.

The latter four points are present as well in the Regulations on telephone user information. Furthermore, the following updates are made to the telephone regulations in comparison with the earlier draft:

  •  The requirement to collect personal information when upgrading telephone service is dropped from Article 3.
  • Article 4, which outlines administrative responsibilities of central and local departments is greatly simplified.
  • A letter of entrustment from the user is no longer necessary in cases of agency for connection. (Article 6)
  • TBs may not increase users’ obligations without authorizations when upgrading services. (Article 20)

Furthermore, MIIT has provided more background through two interviews with spokesperson Li Guobin: one each for the telecommunications and telephone regulations.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s