SIIO

Internet Public User Account Information Service Management Regulations (Revision Draft – Opinion-seeking Version)

Posted on Updated on

Chapter I: General provisions

Article 1: These Regulations are formulated in order to standardize Internet public account information services, safeguard national security and the public interest, and protect the lawful interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, the “Online Information Content Ecology Governance Regulations” and other such laws, regulations and relevant State provisions.

Article 2: These Regulations apply to the provision and conduct of Internet public account information services within the territory of the People’s Republic of China.

Internet public accounts as mentioned in these Regulations, refers to online accounts of Internet users registered and operated on Internet sites, application software and other such online platforms, to produce and disseminate written, pictorial, audiovisual and other such information content to the social public.

public account platform as mentioned in these Regulations, refers to online information service providers providing public account registration and operation, information content dissemination and technical protection services to Internet users.

Public account producers and operators as mentioned in these Regulations, refers to natural persons, legal persons and non-legal person organizations registering and operating public accounts and engaging in content dissemination. 

Article 3: The national cybersecurity and informatization department is responsible for Internet public account information service supervision, management and law enforcement work nationwide. Local cybersecurity and informatization departments are, according to their duties and responsibilities, responsible for Internet public account information service supervision, management and law enforcement work within their administrative areas.

Article 4: Public service information service platforms and public account producers and operators shall abide by laws and regulations, fulfil social responsibilities and moral responsibilities, uphold the correct public opinion orientation and value orientation, carry forward the Socialist core value view, produce and disseminate healthy and upward, true and objective excellent information content, create a crisp and bright cyberspace, and stimulate progress of society and civilization. 

All levels’ Party and government bodies, enterprise and undertaking work units, and people’s organizations are encouraged to register and operate public accounts, produce and disseminate high-quality government affairs information or public service information, satisfying public information demand, and promoting economic and social development.

Public service information service platforms are encouraged to vigorously enhance government affairs information publication, public service and social government levels for Party and government bodies, enterprise and undertaking work units, and people’s organizations, provide full and necessary technical support and security protection.

Article 5: Public account information service platforms providing Internet public account information services, shall obtain corresponding qualifications as provided in national laws and regulations.

Public service information service platforms and public account producers and operators shall obtain an Internet news information service licence to provide Internet news information services to the social public.

Chapter II: Public service information service platforms

Article 6: Public service information service platforms shall bear dominant responsibility for information content and public account management, allocate management personnel and technical capabilities suited to the business scale, appoint persons to position responsible for content security, establish, complete and strictly implement management structures for account registration, content examination and verification, information inspection, ecological governance, emergency response, cybersecurity, data security, personal information protection, copyright protection, credit evaluation, etc., and uphold the security of the platform’s information content and public accounts, and the security of data and personal information. 

Public service information service platforms shall, on the basis of relevant laws and regulations and relevant State provisions, formulate and publish management norms and platform conventions for information content production, public account operations, etc., and conclude service agreements with public account producers and operators, clarifying both sides’ content dissemination limitations, account management responsibilities and other such rights and obligations. 

Article 7: Public service information service platforms shall, according to relevant national standards and norms, establish categorized public account registration and categorized production structures, implement categorized management, and file the matter with the provincial, autonomous region or municipal cybersecurity and informatization department of the locality of the public account.

Public service information service platforms shall, on the basis of indicators and dimensions such as an account’s information content quality, the credit evaluation of the account’s subject, etc., establish tiered management structures, and implement tiered account management. 

Public service information service platforms formulating content production and account operations management norms, platform conventions and other such important structures and measures shall file them with the local provincial, autonomous region or municipal cybersecurity and informatization department; when bringing related new technologies, new applications or new functions online, they shall conduct a security assessment according to relevant regulations. 

Article 8: Public service information service platforms shall adopt measures such as composite verification, etc., to conduct real identity information authentication  of Internet users applying to register for a public account, based on mobile telephone number, resident identity card number or unified social credit code and other such methods, and raise the accuracy of authentication. Where users do not provide real identity information, or improperly use real identity information of organizations, bodies or other persons to conduct a false registration, no related service may be provided to them.

Public service information service platforms shall conduct inspection of the legal and regulatory compliance of public account names, portraits, bios, etc. of public accounts registered by Internet users, where they discover an account name, portrait or bio does not conform to the subject’s real identity information, and especially where they use or link to Party or government bodies, enterprise and undertaking work units and other such organizations and bodies or well-known social personalities without authorization, as well as where the corresponding registration information contains unlawful or harmful information, they shall suspend the provision of services and notify the user to correct matters within a limited time, where these refuse to correct the matter, the provision of services shall be terminated.

Public service information service platforms shall prohibit public accounts closed according to the law or to the convention to re-register under a similar name; where an account name with a high degree of connectedness to them is registered, the real identity information, service qualifications, etc. of the account subject shall also be subject to necessary checks.

Article 9: Public service information service platforms shall require public accounts applying to register and engage in the production of information content in areas such as economics, education, health, judicial affairs, etc., require users to provide their specialized background at the time of registration, as well as corresponding materials to prove professional qualifications or service qualifications they have acquired according to laws and administrative regulations, and conduct the necessary checks.

Public service information service platforms shall add a special symbol to public accounts after they are checked and passed, and according to the different subject nature of the user, externally announce content production categories, the name of operating subjects, the registered business address, uniform social credit code, contact method and other such registration information, to facilitate social supervision and inspection. 

Public service information service platforms shall establish dynamic checking and inspection structures, and at suitable times check the veracity and validity of registration information of producers and operators. 

Article 10: Public service information service platforms shall set reasonable upper limits to the number of registered public accounts of the same subject on their platform.  Where users apply to register for multiple public accounts, their subject nature, service qualifications, business scope, credit evaluation etc. shall also be checked.

Public service information service platforms may, on the basis of the service agreement suspend or terminate provision of services to public accounts who have not logged on or have been used for over six months after the Internet user registered.

Public service information service platforms shall complete technical measures to prevent and deal with unlawful registration acts by Internet users such as registration in excess of quota, malicious registration, false registration, etc.

Article 11: Public service information service platforms shall, according to the law and the convention, prohibit public account producers and operators to transfer, lend or illegally trade, sell or buy public accounts in violation of regulations. 

Where public account producers and operators transfer or donate public account use rights to other users, they shall put forward an application with the platform. The platform shall, on the basis of the provisions in the previous Paragraph, authenticate and check the user on the receiving side, and publish the subject change information. Where the platform discovers a producer or operator has transferred a public account without inspection or authorization, it shall timely suspend or terminate the provision of services.

Public account producers and operators voluntarily terminating account operations may apply with the platform for suspension or termination of use. The platform shall suspend or terminate the provision of services according to the service agreement. 

Article 12: Public service information service platforms shall establish public account supervision and assessment mechanisms, and prevent acts of falsification of account subscriptions, user following numbers, content click rates, repost or comment quantities and other such data.

Public service information service platforms shall standardize public account recommendation, subscription and following mechanisms, and complete technological measures to timely discover and deal with unusual changing circumstances in account subscription and following numbers. Without the knowledge and agreement of the Internet user, subscription and following of other users’ public accounts may not be forced.

Article 13: Public service information service platforms shall establish tiered credit management systems, and provide corresponding services on the basis of credit tiers.

Public service information service platforms shall establish and complete mechanisms to warn for, discover, trace, refute, delete and in other ways deal with online rumours and other such false information, and reduce the credit tier or blacklist public account producers and operators who produced and disseminated rumours and other such false information. 

Article 14: Public service information service platforms shall, when conducting content supply and account recommendation cooperation with producers and users, standardize commercial activities such as management of advertising and operations, knowledge payment, e-commerce sales, user gratuities, etc., they may not disseminate false advertising, conduct exaggerated propaganda, commit commercial fraud, etc., preventing operations violating laws and regulations. 

Public service information service platforms shall strengthen copyright protection of originally produced information content, preventing acts of piracy and infringement. Platforms may not abuse their advantaged position to interfere in the lawful and compliant operations of producers and operators, or infringe users’ lawful rights and interests.

Chapter III: Public account information producers and operators.

Article 15: Public account information producers and operators shall, on the basis of categorized platform management norms, at the time of registering the public account, accurately fill out user’s subject nature, registered location, business location, content production category, contact method and other such basic information, enterprises, organizations, bodies and other such Internet users shall also indicate their main activity or business scope.

Public account producers shall aide by platform management norms, platform conventions and service agreements, and engage in information content production and dissemination in the relevant sectoral area on the basis of the registered content production category indicated at the time of public account registration.

Article 16: Public account producers and operators shall bear dominant responsibility for information content production and public account operations and management, and engage in information content production and account operations and activities according to laws and regulations. 

Public account producers and operators shall establish and complete  information content security examination and verification mechanism for the entire process of topic planning, editing and production, dissemination and popularization, interactive comments, etc., strengthen gatekeeping over information content’s orientation, veracity and legality, and maintain a benign order in online communication. 

Public account information producers and operators shall establish and complete security management mechanisms for the entire process of public account registration and use, operations and popularization, etc., manage and operate the account in a civilized, rational and standardized manner, attract the public’s attention, subscription, interaction and sharing with high-quality information content, and maintain a benign social image of the account.

Article 17: Public account producers and operators shall, when reposting information content originally created by other persons, abide by copyright protection-related laws and regulations, indicate the original creator and a traceable information source, and respect and protect the lawful rights and interests of copyright holders. 

Public account producers and operators shall manage messages, posts, comments and other such interactive segments on their account. Platforms may, on the basis of the subject nature and credit tier of the public account, rationally set up management limits, and provide corresponding technological support. 

Where public account producers and operators conduct account operations, content provision and other such cooperation with third-party bodies , both sides shall conduct checks and gatekeeping of the account’s operations and activities, supplied information content, etc.

Article 18: Public account producers and operators may not commit the following acts in violation of laws and regulations:

(1) Not registering with real identity information, or registering with a public account name, portrait, bio, etc. that is not conform with one’s own real identity information;

(2) Maliciously posing as, imitating or misappropriating the public account of an organization, body or other person to produce and disseminate information content;

(3) Providing Internet news information gathering, dissemination and other such services without a licence or in excess of a licence’s scope;

(4) Manipulatively using accounts on multiple platforms, to publish batches of homogenous information content, generating false flow data, and creating false public opinion hot spots;

(5) Using sudden public incidents to incite extreme emotions and acts, or commit online violence harming the reputation of other persons and organizations, influencing social harmony and stability;

(6) Fabricating false information, counterfeiting originally-created content, quoting or concocting untrue information sources, distorting facts and truths, misleading the social public;

(7) Using paid dissemination and deletion of information and other such methods to commit illegal online surveillance, marketing frauds, extortion and blackmail, in pursuit of improper gain;

(8) Registering in batches, hoarding or illegally trading, buying and selling public accounts;

(9) Producing, reproducing or disseminating unlawful information, or not adopting measures to prevent and resist the production, reproduction or dissemination of harmful information;

(10) Other acts prohibited in laws and administrative regulations. 

Chapter IV: Supervision and management

Article 19: Public service information service platforms shall strengthen supervision and management of public service information service activities, and timely discover and deal with information or activities violating laws and regulations. 

Public service information service platforms shall, on the basis of service agreements and platform conventions, adopt measures to deal with public accounts violating these regulations and relegated laws and regulations including warnings and alerts, limiting account functions, suspending content renewal, ceasing advertising dissemination, closing or cancelling accounts, blacklisting, termination of re-registration, etc., preserve relevant records, and timely report the matter to cybersecurity and informatization and other such relevant competent department. 

Article 20: Public service information service platforms and producers and operators shall consciously accept social supervision.

Public service information service platforms shall set up eye-catching and convenient reporting interfaces, publish appeals, complaints and reporting methods and other such information, complete reporting information acceptance, screening, handling and feed-back mechanisms, clarify handling workflows and feed-back time limits, and timely and effectively deal with complaints by producers and operators, and complaints and reports from the public.

Internet sectoral organizations are encouraged to conduct public appraisal, promote strict self-discipline of public service information service platforms and producers and operators, establish authoritative mediation mechanisms with participation from multiple sides, fairly and relationally resolve sectoral disputes, and safeguard users’ lawful rights and interests according to the law.

Article 21: All levels’ cybersecurity and informatization departments will establish and complete coordinated supervision and management work mechanisms together with relevant competent departments, to supervise and guide public service information service platforms and producers and operators to conduct related information service activities according to laws and regulations.

Public service information service platforms and producers and operators shall cooperate with relevant competent departments’ lawful conduct of supervision and inspection, and provide the necessary technical support and assistance. 

Where public service information service platforms and producers and operators violate these Regulations, cybersecurity and informatization departments and relevant competent departments will impose punishment according to relevant laws and regulations within their scope of duties and responsibilities.

Article 22: These Regulations take effect on (day, month) 2020.

互联网用户公众账号信息服务管理规定(修订草案征求意见稿)

第一章 总则
第一条 为规范互联网用户公众账号信息服务,维护国家安全和公共利益,保护公民、法人和其他组织的合法权益,根据《中华人民共和国网络安全法》《互联网信息服务管理办法》《网络信息内容生态治理规定》等法律法规和国家有关规定,制定本规定。

第二条 在中华人民共和国境内提供、从事互联网用户公众账号信息服务,应当遵守本规定。

本规定所称互联网用户公众账号,是指互联网用户在互联网站、应用程序等网络平台注册运营,面向社会公众生产发布文字、图片、音视频等信息内容的网络账号。

本规定所称公众账号信息服务平台,是指为互联网用户提供公众账号注册运营、信息内容发布与技术保障服务的网络信息服务提供者。

本规定所称公众账号生产运营者,是指注册运营公众账号从事内容生产发布的自然人、法人或非法人组织。

第三条 国家网信部门负责全国互联网用户公众账号信息服务的监督管理执法工作。地方网信部门依据职责负责本行政区域内互联网用户公众账号信息服务的监督管理执法工作。

第四条 公众账号信息服务平台和公众账号生产运营者应当遵守法律法规,履行社会责任、道德责任,坚持正确舆论导向、价值取向,弘扬社会主义核心价值观,生产发布健康向上、真实客观的优质信息内容,营造清朗网络空间,促进社会文明进步。

鼓励各级党政机关、企事业单位和人民团体注册运营公众账号,生产发布高质量政务信息或公共服务信息,满足公众信息需求,推动经济社会发展。

鼓励公众账号信息服务平台积极为党政机关、企事业单位和人民团体提升政务信息发布、公共服务和社会治理水平,提供充分必要的技术支持和安全保障。

第五条 公众账号信息服务平台提供互联网用户公众账号信息服务,应当取得国家法律法规规定的相关资质。

公众账号信息服务平台和公众账号生产运营者向社会公众提供互联网新闻信息服务,应当取得互联网新闻信息服务许可。

第二章 公众账号信息服务平台

第六条 公众账号信息服务平台应当履行信息内容和公众账号管理主体责任,配备与业务规模相适应的管理人员和技术能力,设置内容安全负责人岗位,建立健全并严格落实账号注册、内容审核、信息巡查、生态治理、应急处置、网络安全、数据安全、个人信息保护、著作权保护、信用评价等管理制度,维护平台信息内容与公众账号安全、数据和个人信息安全。

公众账号信息服务平台应当依据相关法律法规和国家有关规定,制定并公开信息内容生产、公众账号运营等管理规则、平台公约,与公众账号生产运营者签订服务协议,明确双方内容发布权限、账号管理责任等权利义务。

第七条 公众账号信息服务平台应当按照国家有关标准和规范,建立公众账号分类注册和分类生产制度,实施分类管理,并将公众账号向所在地省、自治区、直辖市网信部门备案。

公众账号信息服务平台应当依据账号信息内容质量、账号主体信用评价等指标维度,建立分级管理制度,实施账号分级管理。

公众账号信息服务平台制定内容生产与账号运营管理规则、平台公约等重要制度措施,应当向所在地省、自治区、直辖市网信部门备案;上线相关新技术新应用新功能,应当按照有关规定进行安全评估。

第八条 公众账号信息服务平台应当采取复合验证等措施,对申请注册公众账号的互联网用户进行基于移动电话号码、居民身份证号码或统一社会信用代码等方式的真实身份信息认证,提高认证准确率。用户不提供真实身份信息的,或冒用组织机构、他人真实身份信息进行虚假注册的,不得为其提供相关服务。

公众账号信息服务平台应当对互联网用户注册的公众账号名称、头像和简介等进行合法合规性核验,发现账号名称、头像和简介与注册主体真实身份信息不相符的,特别是擅自使用或关联党政机关、企事业单位等组织机构或社会知名人士名义的,以及相关注册信息含有违法和不良信息的,应当暂停提供服务并通知用户限期改正,拒不改正的,应当终止提供服务。

公众账号信息服务平台应当禁止被依法依约关闭的公众账号以相同账号名称重新注册;对注册与其关联度高的账号名称,还应当对账号主体真实身份信息、服务资质等进行必要核验。

第九条 公众账号信息服务平台对申请注册从事经济、教育、卫生、司法等领域信息内容生产的公众账号,应当要求用户在注册时提供其专业背景,以及依照法律、行政法规获得的职业资格或服务资质等相关证明材料,并进行必要核验。

公众账号信息服务平台应当对核验通过后的公众账号加注专门标识,并根据用户的不同主体性质,对外公示内容生产类别、运营主体名称、注册运营地址、统一社会信用代码、联系方式等注册信息,方便社会监督查询。

公众账号信息服务平台应当建立动态核验巡查制度,适时核验生产运营者注册信息的真实性、有效性。

第十条 公众账号信息服务平台应当对同一主体在本平台注册公众账号的数量合理设定上限。对申请注册多个公众账号的用户,还应当对其主体性质、服务资质、业务范围、信用评价等进行核验。

公众账号信息服务平台对互联网用户注册后超过六个月不登录、不使用的公众账号,可以根据服务协议采取暂停或终止提供服务。

公众账号信息服务平台应当健全技术手段,防范和处置互联网用户超限量注册、恶意注册、虚假注册等违规注册行为。

第十一条 公众账号信息服务平台应当依法依约禁止公众账号生产运营者违规转让借用或者非法交易买卖公众账号。

公众账号生产运营者向其他用户转让或赠与公众账号使用权的,应当向平台提出申请。平台应当依据前款规定对受让方用户进行认证核验,并公示主体变更信息。平台发现生产运营者未经审核擅自转让公众账号的,应当及时暂停或终止提供服务。

公众账号生产运营者自行停止账号运营,可以向平台申请暂停或终止使用。平台应当按照服务协议暂停或终止提供服务。

第十二条 公众账号信息服务平台应当建立公众账号监测评估机制,防范账号订阅数、用户关注度、内容点击率、转发评论量等数据造假行为。

公众账号信息服务平台应当规范公众账号推荐订阅关注机制,健全技术手段,及时发现、处置账号订阅关注数量的异常变动情况。未经互联网用户知情同意,不得强制订阅关注其他用户公众账号。

第十三条 公众账号信息服务平台应当建立信用等级管理体系,根据信用等级提供相应服务。

公众账号信息服务平台应当建立健全网络谣言等虚假信息预警、发现、溯源、甄别、辟谣、消除等处置机制,对制作发布谣言等虚假信息的公众账号生产运营者降低信用等级或列入黑名单。

第十四条 公众账号信息服务平台与生产运营者开展内容供给与账号推广合作,应当规范管理广告经营、知识付费、电商销售、用户打赏等经营行为,不得发布虚假广告、进行夸大宣传、实施商业欺诈等,防止违法违规运营。

公众账号信息服务平台应当加强对原创信息内容的著作权保护,防范盗版侵权行为。平台不得滥用优势地位干扰生产运营者合法合规运营、侵犯用户合法权益。

第三章 公众账号生产运营者

第十五条 公众账号生产运营者应当根据平台分类管理规则,在注册公众账号时如实填写用户主体性质、注册地、运营地、内容生产类别、联系方式等基本信息,企业、组织机构等互联网用户还应当注明主要经营或业务范围。

公众账号生产运营者应当遵守平台管理规则、平台公约和服务协议,根据公众账号注册时登记的内容生产类别,从事相关行业领域的信息内容生产发布。

第十六条 公众账号生产运营者应当履行信息内容生产与公众账号运营管理主体责任,依法依规从事信息内容生产和账号运营活动。

公众账号生产运营者应当建立健全选题策划、编辑制作、发布推广、互动评论等全过程信息内容安全审核机制,加强信息内容导向性、真实性、合法性把关,维护网络传播良好秩序。

公众账号生产运营者应当建立健全公众账号注册使用、运营推广等全过程安全管理机制,文明理性、规范管理运营账号,以优质信息内容吸引公众关注订阅和互动分享,维护账号良好社会形象。

第十七条 公众账号生产运营者转载他人原创信息内容,应当遵守著作权保护相关法律法规,标注原创作者和可追溯信息来源,尊重和保护著作权人的合法权益。

公众账号生产运营者应当对账号留言、跟帖、评论等互动环节进行管理。平台可以根据公众账号的主体性质、信用等级,合理设置管理权限,提供相关技术支持。

公众账号生产运营者与第三方机构开展账号运营、内容供给等合作,双方均应当对账号运营行为、供给的信息内容等进行审核把关。

第十八条 公众账号生产运营者不得有下列违法违规行为:

(一)不以真实身份信息注册,或注册与自身真实身份信息不相符的公众账号名称、头像、简介等;

(二)恶意假冒、仿冒或盗用组织机构及他人公众账号生产发布信息内容;

(三)未经许可或超越许可范围提供互联网新闻信息采编发布等服务;

(四)操纵利用多个平台账号,批量发布同质信息内容,生成虚假流量数据,制造虚假舆论热点;

(五)借突发公共事件煽动极端情绪行为,或实施网络暴力损害他人和组织名誉,影响社会和谐稳定;

(六)编造虚假信息,伪造原创内容,引用或捏造不实信息来源,歪曲事实真相,误导社会公众;

(七)以有偿发布、删除信息等手段,实施非法网络监督、营销诈骗、敲诈勒索,牟取不当利益;

(八)批量注册、囤积或非法交易买卖公众账号;

(九)制作、复制、发布违法信息,或未采取措施防范和抵制制作、复制、发布不良信息;

(十)法律、行政法规禁止的其他行为。

第四章 监督管理

第十九条 公众账号信息服务平台应当加强对本平台公众账号信息服务活动的监督管理,及时发现和处置违法违规信息或行为。

公众账号信息服务平台应当依据服务协议和平台公约,对违反本规定及相关法律法规的公众账号采取警示提醒、限制账号功能、暂停内容更新、停止广告发布、关闭注销账号、列入黑名单、禁止重新注册等处置措施,保存有关记录,并及时向网信等有关主管部门报告。

第二十条 公众账号信息服务平台和生产运营者应当自觉接受社会监督。

公众账号信息服务平台应当设置醒目、便捷举报入口,公布申诉、投诉、举报方式等信息,健全举报信息受理、甄别、处置、反馈等机制,明确处理流程和反馈时限,及时有效处理生产运营者申诉和公众投诉举报。

鼓励互联网行业组织开展公众评议,推动公众账号信息服务平台和生产运营者严格自律,建立多方参与的权威调解机制,公平合理解决行业纠纷,依法维护用户合法权益。

第二十一条 各级网信部门会同有关主管部门建立健全协作监管等工作机制,监督指导公众账号信息服务平台和生产运营者依法依规从事相关信息服务活动。

公众账号信息服务平台和生产运营者对有关主管部门依法实施的监督检查,应当予以配合,并提供必要的技术支持与协助。

公众账号信息服务平台和生产运营者违反本规定的,由网信部门和有关主管部门在职责范围内依照相关法律法规处理。

第二十二条 本规定自2020年 月 日起施行。

Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps

Posted on Updated on

Notice concerning Issuance of the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”

All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps cybersecurity and informatization offices, telecommunications management bureaus, public security offices (bureaus), market supervision and management bureaus (offices, committees):

On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, implement laws and regulations such as the “Cybersecurity Law”, etc., the Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration of Market Regulation have jointly formulated the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”. These are hereby issued to you, please refer to and implement them in integration with supervision, management and law enforcement work realities.

Cyberspace Administration of China Secretariat

Ministry of Industry and Information Technology General Office

Ministry of Public Security General Office

State Administration for Market Regulation General Office

28 November 2019

Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps

On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, provide guidance for app operators’ self-inspection and self-rectification as well as netizens’ social supervision, and implement laws and regulations such as the “Cybersecurity Law”, these Rules are formulated.

I, The following acts may be determined as “not publishing collection and use norms”

1. There is no privacy policy in the app, or the privacy policy does not contain norms on the collection and use of personal information;

2. When using the app for the first time, users are not prompted to read privacy policies and other such norms on collection and use through a pop-up window and other such clear methods

3. The privacy policy and other such collection and use norms are difficult to access, for instance when after entering the app’s main interface, 4 clicks or other such manipulations are required before it can be accessed;

4. The privacy policy and other such collection and use norms are difficult to read, for instance because characters are too small and closely spaced, colours are too light, they are blurred and unclear, or no simplified Mandarin version is provided.

II, The following acts may be determined as “not indicating the objective, method and scope of collecting and using personal information”

1. Not listing the objective, method and scope of personal information collection and use in the app (including entrusted third parties or embedded third-party code and plug-ins) one by one;

2. When a change occurs in the objective, method and scope of personal information collection and use, not notifying the user in an appropriate manner, appropriate manners include revising the privacy policy and other such collection and use norms and alerting the user to read it;

3. When requesting to activate authorization of collectable personal information, or requesting to collect users’ identity card number, bank account number, geographical tracking and other such sensitive personal information, not simultaneously notifying the user about its objective, or having an unclear or difficult to understand objective.

4. Content related to collection and use norms is obscure and difficult to understand, verbose and overly detailed, which is difficult for users to understand, for instance using large amounts of specialist jargon, etc.

III, The following acts may be determined as “collecting and using personal information without users’ consent”

1. Beginning to collect personal information or activating authorizations for collectable information before obtaining users’ consent;

2. After users clearly indicate they do not consent, still collecting personal information or activating up collectable personal information authorizations, or frequently obtaining users’ consent, interfering with users’ regular use;

3. Actually collecting personal information or activating collectable personal information authorizations in excess of the scope of user authorization;

4. Obtaining users’ consent by way of implicit agreement to privacy policies and other non-explicit methods;

5. Altering the status of collectable personal information authorizations they have set up without users’ consent, for instance automatically restoring user-set up authorization to implicit approval status when updating an app;

6. Using users’ personal information and algorithms to direct push delivery information, without providing an option for non-targeted push delivery information;

7. Misleading users through fraudulent, swindling and other such improper methods into consenting to personal information collection or the activation of collectable personal information authorizations, for instance wilfully hoodwinking or covering up the true objective for the collection of users’ personal information;

8. Not providing users with a way and method to revoke consent for personal information collection;

9. Collecting users’ personal information in violation of the announced collection and use norms. 

IV, The following acts may be determined as “collecting personal information in violation of the principle of necessity, that is not related to the provided service”

1.  Collected categories of personal information or activated collectable personal information authorizations are not related to the existing business functions;

2. Refusing to provide business functions because users do not consent to the collection of unnecessary personal information or the activation of unnecessary authorizations;

3.  Requesting the collection of personal information in excess of the scope the user originally consented to when adding new business functions to the app, refusing to provide the original business functions if the user does not agree, except where the newly added business function supersedes the original business function;

4. The frequency of personal information collection exceeds the actual needs of business functions;

5. Obliging he user to consent to personal information collection for only the purpose of improving of service quality, enhancing user experience, targeting push delivery information, researching and developing new products, etc., 

6. Requiring users to consent once to activating multiple collectable personal information authorizations, where use is impossible if users do not consent.

V, The following acts may be determined as “providing personal information to others without consent”

1. Providing personal information directly from the app customer end to third parties both without user content, and without anonymized processing, including providing personal information to third parties through methods such as embedding third-party code or plug-in components at the customer end, etc.;

2. Providing collected personal information to third parties after data is transmitted to the app’s back-end servers both without user content, and without anonymized processing;

3. Even if functions are provided to correct and delete personal information and cancel user accounts, not timely responding to user’s corresponding operations, requiring manual processing, not completing examination and processing within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit);

4. Where the executing of correction or deletion of personal information, the cancellation of user accounts and other such user operations has been completed, but it is not completed at the app back-end;

5. Not establishing and publishing personal information security complaints and reporting channels, or not accepting and processing matters within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit).

关于印发《App违法违规收集使用个人信息行为认定方法》的通知
各省、自治区、直辖市及新疆生产建设兵团网信办、通信管理局、公安厅(局)、市场监管局(厅、委):
  根据《关于开展App违法违规收集使用个人信息专项治理的公告》,为认定App违法违规收集使用个人信息行为提供参考,落实《网络安全法》等法律法规,国家互联网信息办公室、工业和信息化部、公安部、市场监管总局联合制定了《App违法违规收集使用个人信息行为认定方法》。现印发你们,请结合监管和执法工作实际参考执行。
国家互联网信息办公室秘书局
工业和信息化部办公厅
公安部办公厅
市场监管总局办公厅
  2019年11月28日
App违法违规收集使用个人信息行为认定方法
  根据《关于开展App违法违规收集使用个人信息专项治理的公告》,为监督管理部门认定App违法违规收集使用个人信息行为提供参考,为App运营者自查自纠和网民社会监督提供指引,落实《网络安全法》等法律法规,制定本方法。
  一、以下行为可被认定为“未公开收集使用规则”
  1.在App中没有隐私政策,或者隐私政策中没有收集使用个人信息规则;
  2.在App首次运行时未通过弹窗等明显方式提示用户阅读隐私政策等收集使用规则;
  3.隐私政策等收集使用规则难以访问,如进入App主界面后,需多于4次点击等操作才能访问到;
  4.隐私政策等收集使用规则难以阅读,如文字过小过密、颜色过淡、模糊不清,或未提供简体中文版等。
  二、以下行为可被认定为“未明示收集使用个人信息的目的、方式和范围”
  1.未逐一列出App(包括委托的第三方或嵌入的第三方代码、插件)收集使用个人信息的目的、方式、范围等;
  2.收集使用个人信息的目的、方式、范围发生变化时,未以适当方式通知用户,适当方式包括更新隐私政策等收集使用规则并提醒用户阅读等;
  3.在申请打开可收集个人信息的权限,或申请收集用户身份证号、银行账号、行踪轨迹等个人敏感信息时,未同步告知用户其目的,或者目的不明确、难以理解;
  4.有关收集使用规则的内容晦涩难懂、冗长繁琐,用户难以理解,如使用大量专业术语等。
  三、以下行为可被认定为“未经用户同意收集使用个人信息”
  1.征得用户同意前就开始收集个人信息或打开可收集个人信息的权限;
  2.用户明确表示不同意后,仍收集个人信息或打开可收集个人信息的权限,或频繁征求用户同意、干扰用户正常使用;
  3.实际收集的个人信息或打开的可收集个人信息权限超出用户授权范围;
  4.以默认选择同意隐私政策等非明示方式征求用户同意;
  5.未经用户同意更改其设置的可收集个人信息权限状态,如App更新时自动将用户设置的权限恢复到默认状态;
  6.利用用户个人信息和算法定向推送信息,未提供非定向推送信息的选项;
  7.以欺诈、诱骗等不正当方式误导用户同意收集个人信息或打开可收集个人信息的权限,如故意欺瞒、掩饰收集使用个人信息的真实目的;
  8.未向用户提供撤回同意收集个人信息的途径、方式;
  9.违反其所声明的收集使用规则,收集使用个人信息。
  四、以下行为可被认定为“违反必要原则,收集与其提供的服务无关的个人信息”
  1.收集的个人信息类型或打开的可收集个人信息权限与现有业务功能无关;
  2.因用户不同意收集非必要个人信息或打开非必要权限,拒绝提供业务功能;
  3.App新增业务功能申请收集的个人信息超出用户原有同意范围,若用户不同意,则拒绝提供原有业务功能,新增业务功能取代原有业务功能的除外;
  4.收集个人信息的频度等超出业务功能实际需要;
  5.仅以改善服务质量、提升用户体验、定向推送信息、研发新产品等为由,强制要求用户同意收集个人信息;
  6.要求用户一次性同意打开多个可收集个人信息的权限,用户不同意则无法使用。
  五、以下行为可被认定为“未经同意向他人提供个人信息”
  1.既未经用户同意,也未做匿名化处理,App客户端直接向第三方提供个人信息,包括通过客户端嵌入的第三方代码、插件等方式向第三方提供个人信息;
  2.既未经用户同意,也未做匿名化处理,数据传输至App后台服务器后,向第三方提供其收集的个人信息;
  3.App接入第三方应用,未经用户同意,向第三方应用提供个人信息。
  六、以下行为可被认定为“未按法律规定提供删除或更正个人信息功能”或“未公布投诉、举报方式等信息”
  1.未提供有效的更正、删除个人信息及注销用户账号功能;
  2.为更正、删除个人信息或注销用户账号设置不必要或不合理条件;
  3.虽提供了更正、删除个人信息及注销用户账号功能,但未及时响应用户相应操作,需人工处理的,未在承诺时限内(承诺时限不得超过15个工作日,无承诺时限的,以15个工作日为限)完成核查和处理;
  4.更正、删除个人信息或注销用户账号等用户操作已执行完毕,但App后台并未完成的;
  5.未建立并公布个人信息安全投诉、举报渠道,或未在承诺时限内(承诺时限不得超过15个工作日,无承诺时限的,以15个工作日为限)受理并处理的。

Management Rules for Credit Information of Gravely Untrustworthy Subjects in Internet Information Services (Opinion-seeking Draft)

Posted on Updated on

Article 1: In order to stimulate the construction of credit in the Internet information services area, ensure the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Planning Outline for the Construction of a Social Credit System”, the “State Council Guiding Opinions concerning Establishment and Perfection of Joint Incentive Structures for the Trustworthy and Joint Punishment Structures for the Untrustworthy, and Accelerating the Advance of Social Credit Construction”, the “State Council General Office Guiding Opinions concerning Accelerating the Advance of Social Credit System Construction and Building Novel Management Mechanisms Based on Credit” and the “State Council Notice  concerning Authorizing the Cyberspace Administration of China to Take Responsibility for Internet Information Content Management Work”, these Rules are formulated. Read the rest of this entry »

Microblog Information Service Management Regulations

Posted on Updated on

Article 1: In order to stimulate the healthy and orderly development of microblog information services, protect the lawful rights and interests of citizens, legal persons and other organizations, and safeguard national security and the public interest, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “State Council Notice concerning Authorizing the Cyberspace Administration of China to take Responsibility for Internet Information Content Work”, these Regulations are formulated. Read the rest of this entry »

“Proposal for International Cooperation on the “One Belt, One Road” Digital Economy”

Posted on Updated on

The digital economy is a driver for global economic growth that becomes more important every day, and is playing an ever more important role in accelerating economic development, enhancing labour productivity in existing industries, fostering new markets and new industrial growth points, realizing inclusive growth and sustainable growth. In order to expand cooperation in the digital economy area, as countries supporting the “One Belt, One Road” initiative, we will, on the basis of the principles of interconnection and interaction, innovation and development, openness and cooperation, harmony and inclusivity, mutual benefit and win-win, explore the common use of digital opportunities and response to challenge, strive to realize an interconnected and interactive “Digital Silk Road” through strengthening policy communication, infrastructure linkages, trade facilitation, financial flows and interlinking popular sentiment, and forge a mutually beneficial, win-win “community of interests” and a “community of destiny” for common development and flourishing. To this end, on the basis of voluntarity and non-restraint, we put forward the following proposal:

<!–more–>

1. Expanding broadband access, raising broadband quality. Build and perfect regional telecommunications, Internet, satellite navigation and other such important information infrastructure, stimulate interconnection and interaction, explore the expansion of high-speed Internet access and connectivity measures at a bearable price, stimulate broadband network coverage, improve service capabilities and quality.

2. Stimulating the digital transformation. Stimulate the digitization of agricultural production, operations and management, as well as the networked transformation of agricultural product distribution. Encourage digital technologies to converge with the manufacturing sector, build an ever more linked, networked and smart manufacturing sector. Use information and telecommunications technology to improve cultural education, healthcare and medicine, environmental protection, urban planning and other public services. Stimulate the sustained development of service sectors such as smart logistics, online tourism, mobile payment, digital creativity and the shared economy. 

3. Stimulate e-commerce cooperation. Explore the feasibility of establishing information sharing, mutual trust and mutual recognition mechanisms for cross-border e-commerce credit, customs passage, inspection, quarantine, consumer protection and other such areas, strengthen cooperation in areas such as financial payment, storage and logistics, technology services, offline exhibitions, etc. Strengthen cooperation in consumer rights protection.  

4. Support Internet start-ups and innovation. Encourage the promotion of Internet-based research, development and innovation through beneficial and transparent legal frameworks, and support Internet-based start-ups. Use the Internet to stimulate innovation in products, services, processes, organizational and commercial models. 

5. Stimulate the development of small, mid-size and micro enterprises. Stimulate small, mid-size and micro enterprises to use information and telecommunication technologies to conduct innovation, raise competitiveness and open up new market sales channels through policy support. Promote the provision of required digital infrastructure to small, mid-size and micro enterprises at bearable prices. Encourage small, mid-size and micro enterprises to provide information and telecommunication products and services to public departments, and enter into global value chains. 

6. Strengthen digitized skills training. Increase the public’s digitized skills levels, ensure that they obtain gains from the development of the digital economy. Launch on-the-job training for digital skills, enhance employees’ digital skills. Encourage government departments, universities, research bodies and enterprises to vigorously launch training programmes, and stimulate the popularization and improvement of digital skills. 

7. Stimulating investment in the information and telecommunications technology area. Improve the commercial environment through stimulating research, development and innovation as well as investment, including cross-border investment in the digital economy. Promote all kinds of financial bodies, multilateral development bodies, etc., to invest in information and telecommunications technology infrastructure and applications, guide commercial share investment funds as well as social funds to invest in the area of the digital economy, encourage public-private partnership relations and other such forms of participation. Encourage the organization of investment information exchange activities between information and telecommunications technology enterprises and financial bodies, encourage reciprocal investment in the information and telecommunications technology area.

8. Promoting inter-city digital economy cooperation. Stimulate relevant cities to launch twinning cooperation, support the establishment of strategic cooperation relationships between twinned cities, drive international traffic and logistics, enhance quality and increase efficiency through constructing information infrastructure, promoting information sharing, stimulating information technology cooperation, and stimulating Internet trading services. Explore the establishment of “Digital Silk Road” economic cooperation demonstration areas. Encourage and support relevant cities in establishing “Digital Silk Road” economic demonstration areas within these cities, promote profound bilateral cooperation in areas such as information infrastructure, smart cities, e-commerce, long-distance healthcare, “Internet Plus”, the Internet of Things, artificial intelligence, etc.

9. Increasing digital inclusivity. Adopt many kinds of policy measures and technological measures to reduce the digital divide, including the digital divide between countries and within countries, and forcefully stimulate the proliferation of the Internet. Stimulate the use of digital technologies in school education and non-official education, promote the realization of broadband access for schools and equip them with online learning environments, so that ever more students can use digitized tools and resources in pursuit of learning. Strengthen the development of digital content such as excellent online games, cartoons, audiovisual materials, literature, music and knowledge resources, and stimulate exchange between the cultures of all countries, and a meeting of people’s hearts.

10. Encouraging and fostering transparent digital economy policies. Develop and maintain an open, transparent and inclusive digital economy policy formulation method. Encourage the dissemination of related and publishable government data, and understand the potential of these in driving new technologies, new products and new services. Encourage online open tendering and procurement, support enterprises in innovating digital product production and services, and simultaneously ensure that demand is market-led. 

11. Furthering international standardization cooperation. Propose the formulation and application of international standards for technology products and services developed through joint coordination, these international standards should maintain consistency with international norms including the norms and principles of the World Trade Organization. 

12. Strengthening confidence and trust. Strengthen the feasibility, completeness, secrecy and reliability of online transactions. Encourage the development of secure information infrastructure, in order to stimulate trustworthy, stable and reliable Internet applications. Strengthen international cooperation in the area of online trading, jointly attack cybercrime and protect the information and telecommunications technology environment. Through ensuring and respecting privacy and protecting personal data, establish confidence among users, this is a critical factor influencing the development of the digital economy.

13. Encourage and stimulate cooperation while respecting autonomous development paths. Encourage all countries along the Belt and Road to strengthen exchange and enhance mutual understanding, strengthen cooperation in policy formulation, supervision and management, reduce, eliminate or prevent unnecessary differences in supervision and management requirement, in order to liberate the vitality of the digital economy, simultaneously understand that all countries should preserve consistency with their international legal obligations, and that they will plan their development path no the basis of their own development situation, historical and cultural traditions, national legal systems and national development strategies.

14. Encouraging the joint construction of a peaceful, secure, open, cooperative and ordered cyberspace. Support information and telecommunication technology policies that safeguard the global nature of the Internet, permit Internet users to  lawfully and autonomously choose the information, knowledge and services they obtain online. Understand that cybersovereignty must be fully respected, safeguard cybersecurity, determinedly attack cyberterrorism and cybercrime, protect personal privacy and information security, and promote the establishment of a multilateral, democratic and transparent international Internet governance system. 

15. Encouraging the establishment of multi-level exchange mechanisms. Stimulate all sides, governments, enterprises, scientific research bodies, and sectoral organizations to communicate and interact, share viewpoints, and promote cooperation in the digital economy. Strengthen training, research and cooperation in the area of the digital economy. Strengthen exchanges about policy formulation and legislative experiences among the “Belt-Road Initiative” countries, and share best practices. Launch the construction of digital technology capabilities, welcome and encourage the United Nations Trade and Development Committee, the United Nations Industrial Development Organization, the Organization for Economic Cooperation and Development, the International Telecommunications Union and other such international organizations to play an important role in driving international cooperation on the “Belt-Road Initiative” digital economy.

(Signed by China, Laos, Saudi Arabia, Serbia, Thailand, Turkey and the United Arab Emirates)

《“一带一路”数字经济国际合作倡议》全文如下:

    数字经济是全球经济增长日益重要的驱动力,在加速经济发展、提高现有产业劳动生产率、培育新市场和产业新增长点、实现包容性增长和可持续增长中正发挥着重要作用。为拓展数字经济领域的合作,作为支持“一带一路”倡议的相关国家,我们将本着互联互通、创新发展、开放合作、和谐包容、互利共赢的原则,探讨共同利用数字机遇、应对挑战,通过加强政策沟通、设施联通、贸易畅通、资金融通和民心相通,致力于实现互联互通的“数字丝绸之路”,打造互利共赢的“利益共同体”和共同发展繁荣的“命运共同体”。为此,在基于自愿、不具约束力基础上,我们提出以下倡议:

    1.扩大宽带接入,提高宽带质量。建设完善区域通信、互联网、卫星导航等重要信息基础设施,促进互联互通,探索以可负担的价格扩大高速互联网接入和连接的方式,促进宽带网络覆盖、提高服务能力和质量。

    2.促进数字化转型。促进农业生产、运营、管理的数字化,以及农产品配送的网络化转型。鼓励数字技术与制造业融合,建设一个更加连接的、网络化、智能化的制造业。利用信息通信技术改善文化教育、健康医疗、环境保护、城市规划和其他公共服务。促进智慧物流、在线旅游、移动支付、数字创意和分享经济等服务业的持续发展。

    3.促进电子商务合作。探索在跨境电子商务信用、通关和检验检疫、消费者保护等领域建立信息共享和互信互认机制的可行性,加强金融支付、仓储物流、技术服务、线下展示等方面的合作。加强消费者权益保护合作。 4.支持互联网创业创新。鼓励通过有利和透明的法律框架,推动基于互联网的研发和创新,支持基于互联网的创业。利用互联网促进产品、服务、流程、组织和商业模式的创新。

    5.促进中小微企业发展。通过政策支持,促进中小微企业使用信息通信技术进行创新、提高竞争力、开辟新的市场销售渠道。推动以可负担的价格为中小微企业运营提供所需的数字基础设施。鼓励中小微企业为公共部门提供信息通信产品和服务,融入全球价值链。

    6.加强数字化技能培训。提升公众数字化技能水平,确保从数字经济发展中获益。开展数字技能的在职培训,提升从业人员的数字技能。鼓励政府部门、大学和研究机构、企业积极开展培训项目,促进数字技能的普及和提升。

    7.促进信息通信技术领域的投资。通过促进研发和创新(RDI)以及投资,包括数字经济跨境投资等方面的政策框架,改善商业环境。推动各类金融机构、多边开发机构等投资信息通信技术基础设施和应用,引导商业股权投资基金以及社会基金向数字经济领域投资,鼓励公私伙伴关系(PPP)等参与形式。鼓励组织信息通信技术企业和金融机构间的投资信息交流活动,鼓励在信息通信技术领域相互投资。

    8.推动城市间的数字经济合作。推动有关城市开展对点合作,支持对点城市间建立战略合作关系,通过信息基础设施建设、推动信息共享、促进信息技术合作、推进互联网经贸服务和加强人文交流,带动国际交通物流提质增效。探索建设“数字丝绸之路”经济合作试验区。鼓励支持有关城市在各自城市分别建立“数字丝绸之路”经济合作试验区,推动双方在信息基础设施、智慧城市、电子商务、远程医疗、 “互联网+”、物联网、人工智能等领域的深度合作。

    9.提高数字包容性。采取多种政策措施和技术手段来缩小数字鸿沟,包括各国之间和各国之内的数字鸿沟,大力推进互联网普及。促进数字技术在学校教育及非正式教育中的使用,推动实现学校宽带接入并具备网络教学环境,越来越多的学生可以利用数字化工具和资源进行学习。加强各自的优秀网络游戏、动漫、影视、文学、音乐和知识资源等数字内容开发,促进各国文化交流、民心交融。

    10.鼓励培育透明的数字经济政策。发展和保持公开、透明、包容的数字经济政策制定方式。鼓励发布相关的、可公开的政府数据,并认识到这些对于带动新技术、新产品、新服务的潜力。鼓励在线公开招标采购,支持企业创新数字产品生产和服务,同时保持需求由市场主导。

    11.推进国际标准化合作。倡导共同协作开发相关技术产品和服务的国际标准的制定和应用,这些国际标准应与包括世贸组织规则和原则在内的国际规则保持一致。

    12.增强信心和信任。增强在线交易的可用性、完整性、保密性和可靠性。鼓励发展安全的信息基础设施,以促进可信、稳定和可靠的互联网应用。加强在线交易方面的国际合作,共同打击网络犯罪和保护信息通信技术环境。通过确保尊重隐私和个人数据保护,树立用户信心,这是影响数字经济发展的关键因素。

    13.鼓励促进合作并尊重自主发展道路。鼓励沿线各国加强交流、增进相互了解,加强政策制定、监管领域的合作,减少、消除或防止不必要的监管要求的差异,以释放数字经济的活力,同时认识到所有国家应与其国际法律义务保持一致,并根据各自的发展情况、历史文化传统、国家法律体系和国家发展战略来规划发展道路。

    14.鼓励共建和平、安全、开放、合作、有序的网络空间。支持维护互联网全球属性的信息通信技术政策,允许互联网使用者依法自主选择获得在线信息、知识和服务。认识到必须充分尊重网络主权,维护网络安全,坚决打击网络恐怖主义和网络犯罪,保护个人隐私和信息安全,推动建立多边、民主、透明的国际互联网治理体系。

    15.鼓励建立多层次交流机制。促进政府、企业、科研机构、行业组织等各方沟通交流、分享观点,推动数字经济合作。加强数字经济方面的培训和研究合作。加强“一带一路”国家间交流政策制定和立法经验,分享最佳实践。开展数字技术能力建设,欢迎和鼓励联合国贸易和发展会议、联合国工业发展组织、经济合作与发展组织、国际电信联盟和其他国际组织,在推动“一带一路”数字经济国际合作中发挥重要作用。

Internet News Information Service Work Unit Content Management Staff Management Rules

Posted on Updated on

Chapter I: General provisions

Article 1: In order to strengthen management of content management staff in Internet news information service work units, safeguard the lawful rights and interests of staff and the social public, and stimulate the healthy and orderly development of internet news information services, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “Internet News Information Management Regulations”, these Rules are formulated. Read the rest of this entry »

Security Assessment and Management Regulations concerning New Technologies and New Applications in Internet News Information Services

Posted on Updated on

Article 1: In order to standardize security assessment and management work concerning new technologies and new applications in Internet news information services, safeguard national security and the public interest, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, and the “Internet News Information Service Management Regulations”, these Regulations are formulated.

Article 2: These Regulations apply to national, provincial, autonomous region and municipal Internet information offices’ organization and execution of security assessments of new technologies and new applications concerning Internet news information services. Read the rest of this entry »

Internet User Public Account Information Service Management Regulations

Posted on Updated on

Article 1: These Regulations are formulated in order to standardize Internet user public account information services, safeguard national security and the public interest, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “State Council Notice concerning Authorizing the Cyberspace Administration of China to Be Responsible for Internet Information Content Management Work”.

Article 2: These Regulations shall be observed when providing or using Internet user public accounts to engage in information dissemination services within the territory of the People’s Republic of China. 

Internet user public account information service providers as mentioned in these Regulations, refers to online platforms providing Internet user public account registration and use services. Internet user public account information service users as mentioned in these Regulations, refers to bodies or individuals using or operating Internet user public accounts to provide information dissemination services. 

Article 3: the Cyberspace Administration of China is responsible for Internet user public account information service supervision, management and law enforcement work nationwide, local Internet information offices are responsible for Internet user public account information service supervision, management and law enforcement work within their administrative areas, on the basis of their duties and responsibilities.

Article 4: Internet user public account information service providers and users shall uphold the correct orientation, carry forward the Socialist core value view, foster vigorous and healthy online culture, and maintain a benign online ecology.

All levels’ Party and government departments, enterprise and undertaking work units and people’s organizations are encouraged to register and use Internet user public accounts to disseminate government affairs information or public service information, serving economic and social development and satisfying the public’s information demand. 

Internet user public account information service providers shall cooperate with Party and government bodies, enterprise and undertaking work units and people’s organizations to enhance government information dissemination and public service levels, provide the necessary technical support and information security protection.

Article 5: Internet user public account information service providers shall bear dominant responsibility for information content security management, allocate specialist personnel and technical capabilities suited to the business scale, install general editors and other such positions responsible for information content security, establish and complete management structures for user registration, information examination and verification, emergency response, security protection, etc.

Internet user public account information service providers shall formulate and publish management norms and platform conventions, and conclude service agreements with users, clarifying both sides’ rights and interests.

Article 6: Internet user public account information service providers shall, according to the principle of “real name back stage, voluntary at the front of the stage”, conduct authentication of the real identity information of users, based on organization and body codes, identity card numbers, mobile telephone numbers, etc. Where users do not provide real identity information, no information dissemination services may be provided to them. 

Internet user public account information service providers shall establish a tiered credit management system for Internet user public account information service users, and provide corresponding services on the basis of credit tiers.

Article 7: Internet user public account information service providers shall check users’ account information, service qualifications, service scope and other such information, categorize them and add symbols, and file them with the local provincial, autonomous region or municipal Internet information office in a categorized manner. 

Internet user public account information service providers shall establish databases on the basis of users public account’s registration subjects, disseminated content, account subscription numbers, article reading numbers, etc., implement tiered and categorized management of Internet user public accounts, formulate concrete management rules and file them with the national or provincial, autonomous region and municipal Internet information offices. 

Internet user public account information service providers shall set a reasonable upper limit to the number of registered public account by the same subject on the same platform; where the same subject registers multiple accounts on the same platform, or a user operates multiple accounts in the form of a group, company or alliance, they shall be required to provide basic information on registration subjects, business scope, account list, etc., this will be filed with the local provincial, autonomous region or municipal Internet information office.

Article 8: Internet news information service providers who have lawfully obtained Internet news information gathering and dissemination qualifications, they may gather and disseminate news information through establishing a user public account. 

Article 9: Internet user public account information service providers shall adopt the necessary measures to protect users’ personal information security, they may not leak, distort or damage it, and may not illegally sell or illegally provide it to other persons.

Internet user public account information service provides shall, after a user terminates service use, provide them with account cancellation services.

Article 10: Internet user public account information service users shall bear responsibility for the secure management of information dissemination and operations, observe laws, regulations and relevant State provisions on news information management, intellectual property protection, cybersecurity protection, etc., and safeguard the online communication order.

Article 11: Internet user public account information service users may not disseminate information content prohibited by laws, regulations and relevant State provisions through public accounts.

Internet user public account information service providers shall strengthen supervision and management of public accounts on their platforms, where they discover the dissemination or transmission of unlawful information, they shall immediately adopt deletion and other such measures to deal with it, prevent transmission and diffusion, preserve relevant records, and report the matter to the relevant competent authorities.

Article 12: Internet user public account information service providers launching online public account messages, posts, comments and other such interactive functions, shall conduct security assessments according to relevant regulations.

Internet user public account information service providers shall, according to the principle of tiered and categorized management, conduct supervision and management of user public account messages, posts, comments, etc., set up by users, provide management powers to users, and provide them with support to conduct management of interactive segments. 

Internet user public account information service users shall conduct real-time management of user public account messages, posts, comments and other such interactive segments. Where management is weak, and information content prohibited by laws, regulations and relevant State provisions emerges, Internet user public account information service providers shall, on the basis of the user agreement, limit or cancel messaging, posting, commenting and other such interactive functions.

Article 13: Interactive user account information service providers shall, according to the law, adopt measures to deal with Internet user public accounts violating laws and regulations, service agreements and platform conventions, such as warning, correction, limiting functions, suspending renewal, account closure, etc., preserve relevant records and report the situation to the relevant competent department.

Internet user public account information service providers shall establish blacklist management systems, to blacklist public accounts and registration subjects gravely violating laws and conventions, adopt measures such as account closure, prohibition of re-registration, etc. in view of circumstances, preserve relevant records, and report the matter to the relevant competent department. 

Article 14: Internet sectoral organizations are encouraged to guide and promote Internet user public account information service providers and users to formulate sectoral conventions, strengthen sectoral self-discipline, and bear social responsibility.

Internet sectoral enterprises are encouraged to establish authoritative specialized mediation mechanisms with participation from multiple parties, to coordinate the resolution of sectoral disputes.

Article 15: Internet user public account information service providers and users shall accept supervision from the social public and sectoral organizations. 

Internet user public account information service providers shall set up convenient reporting interfaces, complete complaints and  reporting channels, perfect mechanisms to screen malicious reports, for report acceptance, feedback, etc. timely and fairly  deal with complaints and reports. National and local Internet information offices will, on the basis of their duties and responsibilities, conduct supervision and inspection of the report reception and implementation situation.

Article 16: Internet user public account information service providers and users shall cooperate with relevant competent departments conducting supervision and inspection according to the law, and provide the necessary technical support and assistance.

Internet user public account information service providers shall record Internet user public account information service users’ disseminated content and daily records, and preserve this for no less than six months according to regulations.

Article 17: Internet user public account information service providers and users violating these Regulations, will be punished by the relevant department according to relevant laws and regulations.

Article 18: These Regulations will take effect on 8 October 2017.

互联网用户公众账号信息服务管理规定
第一条 为规范互联网用户公众账号信息服务,维护国家安全和公共利益,保护公民、法人和其他组织的合法权益,根据《中华人民共和国网络安全法》《国务院关于授权国家互联网信息办公室负责互联网信息内容管理工作的通知》,制定本规定。
  第二条 在中华人民共和国境内提供、使用互联网用户公众账号从事信息发布服务,应当遵守本规定。
  本规定所称互联网用户公众账号信息服务,是指通过互联网站、应用程序等网络平台以注册用户公众账号形式,向社会公众发布文字、图片、音视频等信息的服务。
  本规定所称互联网用户公众账号信息服务提供者,是指提供互联网用户公众账号注册使用服务的网络平台。本规定所称互联网用户公众账号信息服务使用者,是指注册使用或运营互联网用户公众账号提供信息发布服务的机构或个人。
  第三条 国家互联网信息办公室负责全国互联网用户公众账号信息服务的监督管理执法工作,地方互联网信息办公室依据职责负责本行政区域内的互联网用户公众账号信息服务的监督管理执法工作。
  第四条 互联网用户公众账号信息服务提供者和使用者,应当坚持正确导向,弘扬社会主义核心价值观,培育积极健康的网络文化,维护良好网络生态。
  鼓励各级党政机关、企事业单位和人民团体注册使用互联网用户公众账号发布政务信息或公共服务信息,服务经济社会发展,满足公众信息需求。
  互联网用户公众账号信息服务提供者应当配合党政机关、企事业单位和人民团体提升政务信息发布和公共服务水平,提供必要的技术支撑和信息安全保障。
  第五条 互联网用户公众账号信息服务提供者应当落实信息内容安全管理主体责任,配备与服务规模相适应的专业人员和技术能力,设立总编辑等信息内容安全负责人岗位,建立健全用户注册、信息审核、应急处置、安全防护等管理制度。
  互联网用户公众账号信息服务提供者应当制定和公开管理规则和平台公约,与使用者签订服务协议,明确双方权利义务。
  第六条 互联网用户公众账号信息服务提供者应当按照“后台实名、前台自愿”的原则,对使用者进行基于组织机构代码、身份证件号码、移动电话号码等真实身份信息认证。使用者不提供真实身份信息的,不得为其提供信息发布服务。
  互联网用户公众账号信息服务提供者应当建立互联网用户公众账号信息服务使用者信用等级管理体系,根据信用等级提供相应服务。
  第七条 互联网用户公众账号信息服务提供者应当对使用者的账号信息、服务资质、服务范围等信息进行审核,分类加注标识,并向所在地省、自治区、直辖市互联网信息办公室分类备案。
  互联网用户公众账号信息服务提供者应当根据用户公众账号的注册主体、发布内容、账号订阅数、文章阅读量等建立数据库,对互联网用户公众账号实行分级分类管理,制定具体管理制度并向国家或省、自治区、直辖市互联网信息办公室备案。
  互联网用户公众账号信息服务提供者应当对同一主体在同一平台注册公众账号的数量合理设定上限;对同一主体在同一平台注册多个账号,或以集团、公司、联盟等形式运营多个账号的使用者,应要求其提供注册主体、业务范围、账号清单等基本信息,并向所在地省、自治区、直辖市互联网信息办公室备案。
  第八条 依法取得互联网新闻信息采编发布资质的互联网新闻信息服务提供者,可以通过开设的用户公众账号采编发布新闻信息。
  第九条 互联网用户公众账号信息服务提供者应当采取必要措施保护使用者个人信息安全,不得泄露、篡改、毁损,不得非法出售或者非法向他人提供。
  互联网用户公众账号信息服务提供者在使用者终止使用服务后,应当为其提供注销账号的服务。
  第十条 互联网用户公众账号信息服务使用者应当履行信息发布和运营安全管理责任,遵守新闻信息管理、知识产权保护、网络安全保护等法律法规和国家有关规定,维护网络传播秩序。
  第十一条 互联网用户公众账号信息服务使用者不得通过公众账号发布法律法规和国家有关规定禁止的信息内容。
  互联网用户公众账号信息服务提供者应加强对本平台公众账号的监测管理,发现有发布、传播违法信息的,应当立即采取消除等处置措施,防止传播扩散,保存有关记录,并向有关主管部门报告。
  第十二条 互联网用户公众账号信息服务提供者开发上线公众账号留言、跟帖、评论等互动功能,应当按有关规定进行安全评估。
  互联网用户公众账号信息服务提供者应当按照分级分类管理原则,对使用者开设的用户公众账号的留言、跟帖、评论等进行监督管理,并向使用者提供管理权限,为其对互动环节实施管理提供支持。
  互联网用户公众账号信息服务使用者应当对用户公众账号留言、跟帖、评论等互动环节进行实时管理。对管理不力、出现法律法规和国家有关规定禁止的信息内容的,互联网用户公众账号信息服务提供者应当依据用户协议限制或取消其留言、跟帖、评论等互动功能。
  第十三条 互联网用户公众账号信息服务提供者应当对违反法律法规、服务协议和平台公约的互联网用户公众账号,依法依约采取警示整改、限制功能、暂停更新、关闭账号等处置措施,保存有关记录,并向有关主管部门报告。
  互联网用户公众账号信息服务提供者应当建立黑名单管理制度,对违法违约情节严重的公众账号及注册主体纳入黑名单,视情采取关闭账号、禁止重新注册等措施,保存有关记录,并向有关主管部门报告。
  第十四条 鼓励互联网行业组织指导推动互联网用户公众账号信息服务提供者、使用者制定行业公约,加强行业自律,履行社会责任。
  鼓励互联网行业组织建立多方参与的权威专业调解机制,协调解决行业纠纷。
  第十五条 互联网用户公众账号信息服务提供者和使用者应当接受社会公众、行业组织监督。
  互联网用户公众账号信息服务提供者应当设置便捷举报入口,健全投诉举报渠道,完善恶意举报甄别、举报受理反馈等机制,及时公正处理投诉举报。国家和地方互联网信息办公室依据职责,对举报受理落实情况进行监督检查。
  第十六条 互联网用户公众账号信息服务提供者和使用者应当配合有关主管部门依法进行的监督检查,并提供必要的技术支持和协助。
  互联网用户公众账号信息服务提供者应当记录互联网用户公众账号信息服务使用者发布内容和日志信息,并按规定留存不少于六个月。
  第十七条 互联网用户公众账号信息服务提供者和使用者违反本规定的,由有关部门依照相关法律法规处理。
  第十八条 本规定自2017年10月8日起施行。

Provisions on the Management of Internet Forum Community Services

Posted on Updated on

This translation was completed by ChinaLawTranslate, and is republished here with kind permission

Article 1: These Provisions are formulated on the basis of the “Cybersecurity Law of the P.R.C.”and the“State Council’s Notification of Authorization of the State Internet Information Office to be Responsible for Efforts to promote the healthy and orderly development of the internet forum community industry, so as to standardize Internet forum community services, stimulate the healthy and orderly development of Internet forum community services, protect the lawful rights and interests of citizens, legal persons, and other organizations, safeguard national security and the public interest. Read the rest of this entry »

Critical Information Infrastructure Security Protection Regulations

Posted on Updated on

This document was translated jointly by Graham Webster, Paul Triolo and Rogier Creemers

CAC Notice concerning the Public Solicitation of Opinions on the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”

http://www.cac.gov.cn/2017-07/11/m_1121294220.htm

In order to guarantee the security of critical information infrastructure, based on the “Cybersecurity Law of the People’s Republic of China”, our Administration, jointly with relevant departments, has drafted the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”, which is now made public for open solicitation of opinions. Relevant work units and individuals from all circles may, before 10 August, put forward opinions through the following ways:

1, Sending opinions in a letter form to: Beijing Xicheng Chegongzhuang Avenue 11, CAC Cybersecurity Coordination Bureau, Post Code 100044, and clearly indicate “opinion solicitation” on the envelope

2, Sending an e-mail to: security@cac.gov.cn.

CAC

10 July 2017

Critical Information Infrastructure Security Protection Regulations

(Opinion-seeking draft)

Chapter 1: General principles Read the rest of this entry »

Implementing Rules for the Management of Internet News Information Service Licences

Posted on Updated on

Article 1: In order to further raise the standardization and scientization levels of Internet news information service licence management, and stimulate the healthy and orderly development of Internet news information services, on the basis of the “Administrative Licensing Law of the People’s Republic of China” and the “Internet News Information Service Management Regulations” (hereafter simply named “Regulations”), these Implementing Rules are formulated.

Article 2: These Implementing Rules apply to national and provincial, autonomous region and municipal Internet information offices’ implementation of Internet news information service licensing. Read the rest of this entry »

Interim Security Review Measures for Network Products and Services

Posted on Updated on

This translation was kindly provided by Paul Triolo

Article 1 These Measures are developed with a view to enhancing the secure and controllable levels of network products and services, guarding against cyber security risks, and safeguarding the national security, and in accordance with the laws and regulations such as National Security Law of the People’s Republic of China and the Cybersecurity Law of the People’s Republic of China.

Article 2 Important network products and services procured for use in networks and information systems that touch on national security are subject to a cybersecurity review.

Article 3 A cybersecurity review shall be conducted for network products and services and their supply chains, in a manner that combines enterprise commitments with public supervision, combines third-party assessments with government continuous regulation, and combines laboratory testing with on-site checks, on-line monitoring and background investigations. Read the rest of this entry »

Internet News Information Service Management Regulations

Posted on Updated on

Chapter I: General Provisions

Article 1: In order to strengthen Internet information content management and stimulate the healthy and orderly development of Internet news information services, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, and the “State Council Notice concerning Authorizing the State Internet Information Office to Take Responsibility of Internet Information Content Management Work”, these Regulations are formulated.

Read the rest of this entry »

Regulations for Internet Content Management Administration Law Enforcement Procedures

Posted on Updated on

This translation was kindly provided by John Costello

State Internet Information Office

Decree No. 2

“Regulations for Internet Content Management Administration Law Enforcement Procedures” approved in a meeting of the State Internet Information Office is hereby announced, to be implemented from June 1, 2017 onward.

Director Xu Lin

May 2, 2017

Regulations for Internet Content Management Administration Law Enforcement Procedures Read the rest of this entry »

National Cyberspace Security Strategy

Posted on Updated on

The broad application of information technologies and the rise and development of cyberspace has extremely greatly stimulated economic and social flourishing and progress, but at the same time, has also brought new security risks and challenges. Cyberspace security (hereafter named cybersecurity) concerns the common interest of humankind, concerns global peace and development, and concerns the national security of all countries. Safeguarding our country’s cybersecurity is an important measure to move forward the strategic arrangement of comprehensively constructing a moderately prosperous society, comprehensively deepening reform, comprehensively governing the country according to the law, and comprehensively and strictly governing the Party forward in a coordinated manner, and is an important guarantee to realize the “Two Centenaries” struggle objective and realize the Chinese Dream of the great rejuvenation of the Chinese nation. In order to implement Xi Jinping’s “Four Principles” concerning moving forward reform of the global Internet governance system and the “Five Standpoints” on building a community of common destiny in cyberspace, elaborate China’s important standpoints concerning cyberspace development and security, guide China’s cybersecurity work and safeguard the country’s interests in the sovereignty, security and development of cyberspace, this Strategy is formulated.

Read the rest of this entry »

Measures on the Administration of Internet Live-streaming Services

Posted on Updated on

This translation was published first on China Law Translate, and is reposted here with kind permission.

Article 1: These Provisions are formulated on the basis of the “Standing Committee of the National of the National People’s Congress’s Decision on Strengthening Protections for Online Information”, the “State Council’s Notification of Authorization of the State Internet Information Office to be Responsible for Efforts to Management Internet Information Content”, “Measures for the Management of Internet Information Services”, and the “Provisions on the Management of Internet News Information Services” so as to strengthen management of internet live-streaming services, to protect the lawful rights and interests of citizens, legal persons, and other organizations, safeguard national security and the public interest.

Read the rest of this entry »

Mobile Internet Application Information Service Management Regulations

Posted on Updated on

Article 1: In order to strengthen management of mobile Internet application (apps) information services, protect the lawful rights of citizens, legal persons and other organizations, safeguard national security and the public interest, on the basis of the “National People’s Congress Standing Committee Decision concerning Strengthening Online Information Protection” and the “State Council Notice concerning Authorizing the Cyberspace Administration of China to Take Responsibility of Internet Information Content Management”, these Regulations are formulated.

Read the rest of this entry »

Procedural Regulations for Administrative Law Enforcement concerning Internet Information Content Management (Opinion-seeking Draft)

Posted on Updated on

Chapter I: General Provisions

Article 1: In order to standardize and guarantee that Internet information content management departments exercise their powers according to the law, correctly impose administrative punishment, stimulate the healthy and orderly development of Internet information services, protect the lawful rights and interests of citizens, legal persons and other organizations, safeguard national security and the public interest, on the basis of the relevant provisions of the “Administrative Punishment Law of the People’s Republic of China”, the “Administrative Coercion Law of the People’s Republic of China”, the “National People’s Congress Standing Committee Decision concerning Strengthening the Protection of Online Information”, the “Internet Information Service Management Rules” and the “State Council Notice concerning Empowering the Cyberspace Administration of China to Take Responsibility of Internet Information Content Management Work”, etc., these Regulations are formulated. Read the rest of this entry »

Internet News Information Service Management Rules

Posted on Updated on

(Opinion-seeking Revision Draft)

Chapter I: General provisions.

Article 1: In order to standardize Internet news information service activities, stimulate the healthy and orderly development of Internet news information services, protect the lawful rights and interests of citizens, legal persons and other organizations, safeguard national security and the public interests, on the basis of the “National People’s Congress Standing Committee Decision concerning Strengthening the Protection of Online Information” and the “Internet Information Service Management Rules” and other such laws and administrative regulations, these Rules are formulated. Read the rest of this entry »

Wuzhen Initiative

Posted on Updated on

The Internet is an important achievement in the progress of human civilization, it has become an important force that drives innovation, stimulates economic and social development, and enriches all of humanity. The Internet will transform the world into a “global village”, so that international society increasingly is becoming an interdependent community of common destiny. At the same time, the rapid development of the Internet has also brought challenges to national sovereignty, security and sustainable development. Vigorously and steadily responding to these challenges is the common responsibility of international society. From the World Summit on the Information Society in 2003, the Geneva Declaration of Principles and the 2005 Tunis Agenda to the Montevideo Statement as well as the Report of the United Nations Group of Governmental Experts on Information Security, international society’s consensus concerning Internet development and governance is broadening incessantly, and cooperation is deepening incessantly. We express congratulations for the results of the United Nations General Assembly WSIS +10 High-Level Meeting, and look forward to international society further deepening cooperation in the area of the Internet on the basis of the UN Charter as well as universally accepted international norms and principles. Read the rest of this entry »