China Law Insight : China Law Insight: China Commercial and Intellectual Property Lawyers and Attorneys, Full Service Law Firm: King & Wood

The Provisions, which come into effect on March 15, 2012, are to be implemented and administered by the Ministry of Industry and Information Technology and Communications Administration ("M.I.I.T.") of the P.R.C. The Provisions cover a wide range of issues relevant to the operation of IISPs in the P.R.C., such as commercial websites (as distinguished from "network service providers" which, in M.I.I.T. terminology provide network services, such as internet access), but this article will look only at those online user issues referenced above.

In relation IISPs introducing software which did so maliciously with the knowledge that it would likely be incompatible with existing user software, Article 5 (Items 3 and 5) of the Provisions notes that it is not acceptable for IISPs to “forc[e] incompatibility on services and products provided by other internet information service providers maliciously” or to “maliciously … forc[e] the users to modify the parameters of services or products provided by other internet information services providers.” [2] 

In terms of protections against intrusion upon the user's computer/terminal device (including mobile phones, etc…), Article 7 (Item 7) of the Provisions notes that IISPs cannot "change user's browser configurations or other configurations without notifying the user and obtaining permission from the user."[3] Furthermore, as per Article 8, IISPs who are conducting operations of "downloading, installing, running, upgrading, or uninstalling software, etc., on user terminals should provide definite and complete software function information and should get permission from the users in advance".[4]   In addition, Article 9 of the Provisions provides that IISPs can only bundle their terminal software with other software in such a manner providing clear notice to the user and such that the user can "choose whether or not to install or use the software and should provide a separate uninstall or disable option without adding unreasonable terms".[5] Finally, Article 10 provides that "if internet information service providers pop-up advertisements or other information that are irrelevant to the function of their terminal software on user terminals, internet information service providers should provide users with functional signs to close or quit the window in a prominent manner".[6] Articles 5, 7, 8, 9, and 10 of the Provisions as noted make it clear that maliciously introducing software likely to cause incompatibilities, unauthorized changing of configurations on user browsers, unauthorized installation of software, such as "spyware", unduly forcing users to download software bound to other software, or serving up endless annoying "pop up ads" are unacceptable practices and, in this regard, these Provisions provide users with more control in their relationship with IISPs. 

In terms of data privacy, the Provisions note in Article 11 that "[w]ithout users' consent, internet information service providers should not collect information that is related to the users and can serve to indentify the users' identities solely or in conjunction with other information (hereinafter referred to as "users' personal information") and should not provide other people with users' personal information, unless laws, or administrative regulations specified otherwise".[7]   Article 11 goes on to add that "[w]here the internet information service providers are permitted by the users to collect users' personal information, internet information service providers should clearly inform users of the method, content and purpose of collecting and processing users' personal information, internet information service providers should not collect information that is unnecessary for providing service or should not use users' personal information for purposes other than providing service, either."[8] 

In addition, Article 12 of the Provisions provides that IISPs should "properly keep users' personal information. If users' personal information which internet information service providers are keeping is leaked or possibly leaked, internet information service providers should immediately take remedial measures.  If serious consequences are caused or might be caused, internet information service providers should immediately report to the Telecommunications Administration and cooperate with related departments to conduct investigations."[9] 

Finally, Article 13 of the Provisions provides that IISPs cannot without authorization or "justifiable reasons" "change or delete information uploaded by users", "provide others with information uploaded by users without users' permission, unless otherwise provided by the laws or administrative regulations", or "transfer information uploaded by users without authorization or under the guise of users' names, or cheat, mislead, or coerce users to transfer information which users uploaded".[10] Such gives users more control over information which they may upload to an IISP, such as comments or blog entries. Articles 11, 12, and 13 of the Provisions provide clear rules promoting user data privacy and user control over user data, including uploaded information, and provide users with a defined framework for data protection in their online activity. 

Finally, the Provisions require that IISPs provide clear contact information for relevant complaints(Article 14)[11], outline a reporting, review, and assessment mechanism for relevant complaints to the M.I.I.T.(Article 15)[12], and define a statutory framework for applicable punishments, including but not limited to assessment of fines of 10,000-30,000 RMB (as per Articles 16-20).[13] 

With these Provisions coming into effect in March of this year, online internet users in the P.R.C. will then have a better means to provide themselves with additional control over their user experience when dealing with IISPs, as well as additional means to protect their valuable personal data, and internet service providers will have clear guidelines for what is acceptable conduct of business in these areas.  

Note: this publication is for informational purposes only and it does not in any way constitute a legal opinion.  

Noticeably, at the forum, Mr. Jiang Tianbo, the Deputy Director General of the Anti-monopoly and Anti-unfair Competition Enforcement Bureau of SAIC¹ , said that the internet industry has become a "hot" area where a lot of anti-monopoly complaints are raised.
According to Mr. Jiang, most of the complaints relating to the Internet industry are against  the following 4 types of conducts:

• joint boycottof transactions;

• tying – such as tie-in sales of software with the operating system;

• disparaging competitor's reputation – such as disseminating information that the software of other Internet companies is not safe or contains virus;
• selling products at below-cost prices for the purpose of maintaining the market share.

In response to complaints on the absence of SAIC in the QQ / 360 case, Mr. Jiang expressed the determination of SAIC to strengthen its enforcement of the Anti-monopoly Law and Anti-unfair Competition Law in the Internet industry. 

Comments

Commercial libel indicated by Mr. Jiang above is mainly regulated under the Anti-unfair Competition Law (AUCL), the enforcement of which also falls within the purview of SAIC.  On the other hand, MIIT, the authority responsible for the administration of the Internet industry, may also have the privilege or intention to handle competition issues raised in the Internet industry.  The recent Interim Rules for Supervision and Management of Internet Information Service Market (Draft for Comment) promulgated by MIIT contains similar regulations as the AUCL and the AML.²   It will be interesting to see whether and how the MIIT will work with SAIC to enforce the AUCL and/or AML in relation to competition issues in the Internet industry.
 

Furthermore, compared with traditional industries, the Internet industry may pose greater challenges to the competition authorities as it is one of the fastest changing industries and the economic theories for analyzing the behaviors of the businesses in the industry are more complicated and less well-established.  On a global scale, we have seen leading Internet search engine firms challenged in major competition jurisdictions for abuse of market dominance.  It remains to be uncovered how Chinese authorities will show their teeth towards potentially monopolistic conducts or unfair competition conducts of enterprises in this highly dynamic industry.
 

¹ The Anti-monopoly and Anti-unfair Competition Enforcement Bureau of SAIC is the Anti-monopoly Law (AML) enforcement agency responsible for oversight of anti-monopoly enforcement of none-price related monopoly agreement and abuse of market dominance.

 ²Partly driven by the QQ-360 disputes, the MIIT released the Interim Rules for Supervision and Management of Internet Information Service Market (Draft for Comment), on 12 January 2011 (see our article entitled "MIIT releases draft rules which govern antitrust issues").

Scope - The payment services include: (1) internet payment; (2) the issuance and acceptance of prepaid cards; (3) credit card acceptance; and (4) other forms of payment services recognized by the PBOC.

Competent Authority - The new regulations show that the PBOC authorities intend to regulate non-financial institutions which act as payment intermediaries.

License Required - To date, pre-paid cards and internet payment have been left largely unregulated in the PRC. The new regulations require any non-financial institution that offers such services to obtain a payment service business license (“PS”). The PS license will be issued by the competent local PBOC branch (i.e. the sub-provincial city center branch).

Prerequisites for a PS License- Application requirements include: (1) meeting minimum registered capital requirements (i.e. not less than 100 million RMB for companies providing payment services nationally; not less than 30 million RMB in autonomous regions); (2) being profitable and providing e-commerce information technology service for at least two years; (3) having more than five senior employees familiar with payment services business; (4) meeting payment services business facility requirements; and (5) having sound organizational structure, internal control systems and risk management measures.

PS License Application Documents - Requisite application documentation include: (1) written application detailing plans for payment services; (2) business license; (3) articles of association; (4) capital verification certificate; (5) audited financial statements; (6) business payment feasibility study report; (7) anti-money laundering verification; and (8) technical safety testing and certification.

Possible Sanctions- Failure to comply with the new PBOC regulations may result in revocation of the PS license and/or fines. Furthermore, any illicit criminal activities (i.e. money-laundering or fraud) will be reported to the relevant authorities for further action.

Practical Implications - The new regulations will potentially impact retailers in two ways. Firstly, retailers using prepaid cards (i.e. store cards, gift cards, value-added cards, etc.) will need to ensure that the card issuers have obtained a PS license. Secondly, retailers with an online presence will need to ensure that third party vendors meet the necessary requirements and hold a valid PS license under the new regulation.
 

However, if the downloading process is not conducted properly, the evidence won’t be recognized as authentic, even if the downloading has been witnessed by a notary public. 

In the NuCom Online (Beijing) Information Technology Co., Ltd. v. ChinaNetwork Communications Corporation Limited, Zigong Branch case, the Supreme People’s Court emphasized, in its (2008) Min Shen Zi No.926 Civil Ruling, the necessity of examining the origin of web-based information , as said origins are fundamental  to deciding whether the notarized evidence can be used as the basis for a court’s judgment. If the notary public cannot gain access to the computer or mobile hard drive before the notarization procedure and if the notarization itself does not  include a record of the state of the computer or mobile hard drive with respect to the integrity of said computer/mobile hard drive prior to the downloading, the Supreme People’s Court deems that the notarization can prove that the act of downloading occurred before a notary public, but it cannot prove that the data at issue was actually downloaded from a specific location on the Internet.

The Supreme People’s Court’s above judgment is based on the nature of  web technology. Electronic data stored in a web sever can also be stored or cached in a local computer. Under certain scenarios, when you use a local computer to visit a target website, the web pages displayed are actually those stored or cached in the local computer, rather than web pages downloaded from a remote website.   Therefore, the actual origin of the evidence cannot be guaranteed merely by having a notary public witnessing the downloading process, as that “downloading” may be simply pulling up the web page from the cache in the local computer.

The Supreme People’s Court’s opinion noted above is not only guidance for the courts when examining  notarized web page evidence, but also an important instruction for those parties seeking to gather evidence in support of judicial proceedings in China. To ensure proper authentication of web-based evidence, parties should conduct notarized web page downloads at the notary public office using the notary public’s computer and, also, request that the notary public record the condition of the computer prior to the notarization process. If the downloading must be done on another computer, the party should initiatively request the notary public to delete all relevant files from the caches of the computer by appropriate procedures before downloading the requested web pages and record all of the detailed steps in the notarization process. 

Providing South Korea as an example, Dr. Cave commented on the fast development and implementation of broadband in that country, and added to that example the Singapore government's policy “for creating a very high speed broadband network throughout the island.” According to Dr. Cave, “This approach yields much quicker results, and can also be used to support local equipment development and manufacture.”

As the conversation progressed from these Asian countries towards China, Dr. Cave pointed out that while he is not a China expert, in his opinion,

“…it is obvious that mobile voice, in China, as in India and elsewhere, is transforming the consumer market place. Mobile also provides a fertile opportunity for the development of Chinese technologies and standards. I have recently prepared a report for the GSM Association, a coalition of mobile operators, which argues that mobile communications thrive in a relatively unregulated atmosphere -- one which utilises competing operators' desires to win customers with keen prices and new services."

Dr. Cave commented that this transforming marketplace naturally progresses towards mobile broadband and that the next decade will see increasing broadband speeds, In fact, securing access to broadband has become intrinsically tied to a country's economic growth. Dr. Cave further commented on mobile broadband that

“A country which loses out in this race [to develop mobile broadband networks] risks suffering major economic loss. In areas where there is no fixed network, wireless is the key, and many technologies are or will be available -- 3G, varieties of 4G, Wi-max, etc. ”

Dr. Cave provided as an example the Australian company, Telstra, which has built a wireless network within a short time period which delivers high speed broadband to 99% of the population. He commented that Telstra's network

“…is encouraging its competitors to follow suit. If this sort of network is replicated in other countries, and if enough spectrum is made available to support the traffic, the capacity of less affluent countries to 'catch-up' could have remarkable effects. There will still be a need to develop fibre-based networks for business, and in areas where they are already available, but these might take second place to wireless networks in meeting household demand. The good thing about wireless technologies is that they are inherently competitive, so the need for regulation is more limited than it is for monopoly fixed networks; this state of ‘permanent competition’ imposes on operators a permanent need to invest to retain customers and capture new ones. ”

However, while certain areas develop best with minimal regulatory interference, Dr. Cave added that others require regulatory interaction to ensure fair competition in an international market. He emphasizes that

“business customers - especially large corporations – [need to] get the range and quality of services which assist them in competing successfully in international markets. This involves creating regulatory incentives to extend fibre deployment in business districts.”

Dr. Cave added that he sees enormous scope for China in the communications equipment market. He commented, “[China] has a large home market, and already a major international one, where its success is increasingly based on technological rather than price-based competition.”

When asked about the future of copyright protection for data exchanged over the
Internet, through phone devices, or through other web-related devices, Dr. Cave pointed to the market power shift from networks to content that has occurred in the last two decades. He states

“From this point of view, the proponents of net neutrality, such as Google, are fighting off an attempt by network operators such as AT&T and Verizon to re-assert themselves. However, content is only as valuable as its copyright protection is effective, and peer-to-peer exchanges, social networking sites and other developments endanger its value. But this is a new manifestation of the permanent battle between owners and would-be copiers. The copyright owners use technology such as digital rights management and new business models such as low-cost music downloads to make their paid offerings more palatable to consumers.”

As our discussion with Dr. Cave came to a close, he predicted that while copyright owners won't lose this battle over copyright, the way they are remunerated may change significantly.