China Law Insight : China Law Insight: China Commercial and Intellectual Property Lawyers and Attorneys, Full Service Law Firm: King & Wood

The Provisions, which come into effect on March 15, 2012, are to be implemented and administered by the Ministry of Industry and Information Technology and Communications Administration ("M.I.I.T.") of the P.R.C. The Provisions cover a wide range of issues relevant to the operation of IISPs in the P.R.C., such as commercial websites (as distinguished from "network service providers" which, in M.I.I.T. terminology provide network services, such as internet access), but this article will look only at those online user issues referenced above.

In relation IISPs introducing software which did so maliciously with the knowledge that it would likely be incompatible with existing user software, Article 5 (Items 3 and 5) of the Provisions notes that it is not acceptable for IISPs to “forc[e] incompatibility on services and products provided by other internet information service providers maliciously” or to “maliciously … forc[e] the users to modify the parameters of services or products provided by other internet information services providers.” [2] 

In terms of protections against intrusion upon the user's computer/terminal device (including mobile phones, etc…), Article 7 (Item 7) of the Provisions notes that IISPs cannot "change user's browser configurations or other configurations without notifying the user and obtaining permission from the user."[3] Furthermore, as per Article 8, IISPs who are conducting operations of "downloading, installing, running, upgrading, or uninstalling software, etc., on user terminals should provide definite and complete software function information and should get permission from the users in advance".[4]   In addition, Article 9 of the Provisions provides that IISPs can only bundle their terminal software with other software in such a manner providing clear notice to the user and such that the user can "choose whether or not to install or use the software and should provide a separate uninstall or disable option without adding unreasonable terms".[5] Finally, Article 10 provides that "if internet information service providers pop-up advertisements or other information that are irrelevant to the function of their terminal software on user terminals, internet information service providers should provide users with functional signs to close or quit the window in a prominent manner".[6] Articles 5, 7, 8, 9, and 10 of the Provisions as noted make it clear that maliciously introducing software likely to cause incompatibilities, unauthorized changing of configurations on user browsers, unauthorized installation of software, such as "spyware", unduly forcing users to download software bound to other software, or serving up endless annoying "pop up ads" are unacceptable practices and, in this regard, these Provisions provide users with more control in their relationship with IISPs. 

In terms of data privacy, the Provisions note in Article 11 that "[w]ithout users' consent, internet information service providers should not collect information that is related to the users and can serve to indentify the users' identities solely or in conjunction with other information (hereinafter referred to as "users' personal information") and should not provide other people with users' personal information, unless laws, or administrative regulations specified otherwise".[7]   Article 11 goes on to add that "[w]here the internet information service providers are permitted by the users to collect users' personal information, internet information service providers should clearly inform users of the method, content and purpose of collecting and processing users' personal information, internet information service providers should not collect information that is unnecessary for providing service or should not use users' personal information for purposes other than providing service, either."[8] 

In addition, Article 12 of the Provisions provides that IISPs should "properly keep users' personal information. If users' personal information which internet information service providers are keeping is leaked or possibly leaked, internet information service providers should immediately take remedial measures.  If serious consequences are caused or might be caused, internet information service providers should immediately report to the Telecommunications Administration and cooperate with related departments to conduct investigations."[9] 

Finally, Article 13 of the Provisions provides that IISPs cannot without authorization or "justifiable reasons" "change or delete information uploaded by users", "provide others with information uploaded by users without users' permission, unless otherwise provided by the laws or administrative regulations", or "transfer information uploaded by users without authorization or under the guise of users' names, or cheat, mislead, or coerce users to transfer information which users uploaded".[10] Such gives users more control over information which they may upload to an IISP, such as comments or blog entries. Articles 11, 12, and 13 of the Provisions provide clear rules promoting user data privacy and user control over user data, including uploaded information, and provide users with a defined framework for data protection in their online activity. 

Finally, the Provisions require that IISPs provide clear contact information for relevant complaints(Article 14)[11], outline a reporting, review, and assessment mechanism for relevant complaints to the M.I.I.T.(Article 15)[12], and define a statutory framework for applicable punishments, including but not limited to assessment of fines of 10,000-30,000 RMB (as per Articles 16-20).[13] 

With these Provisions coming into effect in March of this year, online internet users in the P.R.C. will then have a better means to provide themselves with additional control over their user experience when dealing with IISPs, as well as additional means to protect their valuable personal data, and internet service providers will have clear guidelines for what is acceptable conduct of business in these areas.  

Note: this publication is for informational purposes only and it does not in any way constitute a legal opinion.  

Tencent is the owner of a popular instant messaging or social networking software, most commonly known as “QQ”, which is used widely in China. Qihoo is the owner of the “360” line of security software– the main objective of these software is to protect users against computer viruses.

On 27 September 2010, Qihoo launched a free privacy software known as “360 Privacy Protector”. 360 Privacy Protector is a software that monitors whether users’ movements on the web are being “tracked” by other entities. Qihoo alleged that their 360 Privacy Protector software reported that the owners of QQ (i.e. Tencent) had breached their user’s privacy.

Tencent denied these allegations and accused Qihoo of fabricating or spreading false facts, resulting in damaging their business reputation (i.e. in breach of Article 14 of the Anti-Unfair Competition Law).

Comments

Pursuant to Article 14 of the Anti-Unfair Competition Law, Tencent and Qihoo would need to be “competing” entities. It is currently unclear what products Tencent and Qihoo compete in (however the press has reported that they compete in certain products).

If Tencent is successful in their Article 14 allegation against Qihoo, they would be able to seek damages against the latter (pursuant to Article 20 of the Anti-Unfair Competition Law).
It will be interesting to watch the development of this case – we will keep watch and report on any major developments.

[1] We have obtained details in relation to the Tencent-Qihoo case from publicly available press reports such as the ones located at these addresses: http://www.fawan.com/Article/Print.asp?ArticleID=288518;

http://tech.163.com/10/1007/10/6ICSLA7S000915BF.html;http://tech.sina.com.cn/i/2010-10-15/04434748371.shtml; and http://b2b.toocle.com/detail--5421116.html.

I. Introduction

In China, a series of regulations have been promulgated to directly govern online gaming, the latest of which is the Interim Measures on the Administration of Online Games [《网络游戏管理暂行办法》] (the ”Measures”) issued by the PRC Ministry of Culture on June 3, 2010, and effective as of August 1, 2010. The Measures expand upon previous legislation regulating online games and provide updated and clearer rules regarding permissible content, market access, game mechanics, administration and supervision from the state, and potential legal liability. Although the Measures include additional requirements for foreign game developers, the basic dynamics of the industry for foreign online game have not drastically changed.

While all online games must obtain government approval before release, domestically produced games face a less complicated road to market than games produced outside of China . However, imported online games that obtained regulatory approval often compete quite successfully with domestic games. As a MMORPG pioneer and major factor in China’s online gaming world, World of Warcraft’s entry into the Chinese market offers many lessons for all foreign game developers.

Using World of Warcraft’s example, this article introduces the issues that foreign game developers will be most interested in and offers a comparison on how the Chinese regulatory environment differs from that of the U.S.

II. Key Issues facing foreign online game developers in China
In considering China’s current regulatory regime as a whole, foreign game developers should pay particular attention to the following issues:

1. Market Access
Online games, according to the Interim Provisions on the Administration of Internet Culture [《互联网文化管理暂行规定》]（the “Interim Provisions”）, are categorized as Internet Cultural Products. Literally, these are products whereby the production, dissemination and circulation of which are done through the internet. Creation of Internet Cultural Products and subsequent activities including production, copying, uploading, import, wholesale, retail, broadcasting, lease of such products, and the operation of online games, are all deemed as Internet Cultural Activities . Under the Interim Provisions, Chinese companies seeking to undertake any such Internet Cultural Activities must satisfy certain specific conditions to be empowered to operate on the internet as Internet Cultural Operation Entities. To this end, Internet Cultural Operation Entities for profit need apply to the PRC Ministry of Culture or its local corresponding branch at provincial level for an Internet Cultural Operation License (网络文化经营许可证).

In addition, since developing online games accessible to the public via the internet is regarded as an online game publishing activity , an Internet Cultural Operation Entity seeking to operate online games should also obtain an Internet Publishing Services License（互联网出版服务许可证）issued by the PRC General Administration of Press and Publication covering the service scope of the online game. Meanwhile, those Chinese companies issuing virtual currency and providing transactional services regarding virtual currency in online games for another company need only obtain the Internet Cultural Operation License as they are not actually publishing anything, but do have operations online.

Foreign online game developers, on the other hand, do not have open access to the Chinese market both in terms of establishing an entity to develop games locally and in the actual hosting and operation of a game produced locally or abroad.

Under the Catalogue for the Guidance of Foreign Investment Industries [《外商投资产业指导目录》] and the Catalogue of Prohibited Foreign Investment Industries [《禁止外商投资产业目录》], “internet cultural operations” fall under a prohibited sector for foreign investment. These restrictions are further reinforced by the Several Opinions on the Introduction of Foreign Capital into Cultural Industry [《关于文化领域引进外资的若干意见》] and Decree No.13 – these regulations explicitly forbid foreign entities and individuals from establishing and operating any Internet Cultural Operation Entities to engage in online games operational activities directly or though de facto control . Notably, establishment of Internet Cultural Operation Entities is necessary for both online game development and online game operation although these are distinctly different businesses. As such, foreign companies are not permitted to participate in the development of online games domestically in the form of a commercial establishment. 

As foreign online game developers are banned from developing or operating their games within China on their own, this necessitates a partnership with domestic Chinese enterprises that will obtain the necessary licenses, including the Internet Cultural Operating License and Internet Publishing Services License as well as the import approvals to operate the foreign produced game or jointly developed games. Foreign developers do not deal with such applications themselves as their domestic operator licensee usually undertakes those procedures. The foreign copyright owner of these imported online games typically must grant Chinese online game operators the exclusive right to operate their online games in China. Blizzard Entertainment, for example, owner of the World of Warcraft game works exclusively with Chinese company NetEase.com to distribute, operate and coordinate regulatory approval for the game in China.

2. Interplay Between Import Examination and Approval Authorities in China
Typically, once a Chinese distributor has been selected for an imported online game, approval from the two above mentioned Chinese regulators are still required before the game can be launched in China.

In contrast to the U.S., where there are no direct regulations on the importing of online games, the PRC General Administration of Press and Publication is the authority responsible for examining and approving such games from the “publication” perspective. Even those foreign online games intended for display, demonstration and promotion in exhibitions and events held in China are also deemed as publishing and therefore require formal approval from the PRC General Administration of Press and Publication. In terms of approval of content, the PRC Ministry of Culture believes it is the primary content regulator of online games in China. Foreign developers through their exclusive local distributors intending to import foreign online games are responsible for applying to the PRC Ministry of Culture and must present their Internet Cultural Operation License, among other things, as prescribed in Article 11 of the Measures.

In reality, both authorities have some role in content review leading to regulatory turf battles. For example, World of Warcraft suspended charging customers throughout part of 2009 as the two authorities jockeyed for regulatory position. While the duties of the aforesaid two authorities regarding online games have been explicitly provided in the “Circular of the PRC State Commission Office for Public Sector Reform on Interpretation of Certain Sections in the ‘Three Determine’ Program” (“ZHONG YANG BIAN BAN FA [2009] No.35”), the struggle for content regulatory primacy has not been fully resolved as ensuring compliance with Chinese law still requires some degree of review of content on the part of the PRC General Administration of Press and Publication . Since the newly issued Measures reinforced the authority of the PRC Ministry of Culture in approving content in imported online games, the rival between the two authorities may intensify.

3. Specific Content Regulation
A. Content regulation in China
Chapter 3 of the Measures includes restrictions on content that violates the PRC Constitution, harms national sovereignty, calls into question the territorial integrity of the country, divulges State secrets, promotes cults, uses obscenity or pornographic images, and so on. The list also includes catch-alls and restricts content that violates social morals and PRC law. For example, in the past “Command & Conquer: Generals - Zero Hour,” a game simulating war, was previously banned for "smearing the image of China and the Chinese army.” The Measures also place restrictions on “obligatory hostility” between players and “gambling by using virtual currency or legal tender” for all players.

Moreover, previously approved imported online games must undergo import procedures again if the games are updated, or new versions and new material were added. When the content of an imported online game is materially altered, the new proposed content must be submitted to the PRC Ministry of Culture for content censorship. In this case, the PRC General Administration of Press and Publication also requires approval of the proposed changes beforehand. More recently, Blizzard Entertainment and NetEase will finally be able to launch Wrath of the Lich King, the add-on expansion for World of Warcraft, in China on August 31, 2010, about 22 months after the expansion launched in the U.S. “The delay was due to the regulatory and content review process.” Finally, the Announcement on Regulating Applications for Content Censorship for Imported Online Games [《文化部关于规范进口网络游戏产品内容审查申报工作的公告》] makes it clear that games undergoing content censorship should be fully developed and in conformity with the versions officially operated (or in public testing).

B. Protection of Minors
Other specific content prohibitions are provided by Chapter 4 of the Measures , many focusing on the protection of minors. Online games intended for minors must not contain content which encourage minors to imitate criminal behavior or are against the interests of society. Content involving horror or cruelty which could impair the physical and mental well-being of minors is also prohibited.

C. Comparison with Content regulation in the U.S.
In contrast to China, there is no singular law governing online games in U.S. Instead, distinct areas of internet gaming are governed by the U.S. Constitution, national and state laws, and case law. Generally speaking, video games are protected by the First Amendment freedom of expression and content regulation is generally not permitted. Video games constitute protected “speech” under the U.S. Constitution, particularly given the extensive themes and artistic/literary content included in modern games. However, a rating system for questionable material is generally acceptable. There are a host of applicable state laws that are applicable as in Washington state or New York state.
State lawmakers have struggled to define what constitutes a “violent” videogame, and how such determinations should be made. Some have focused on specific acts of violence towards police officers, while others have attempted to use a modified “obscenity” test; focusing on whether the game has serious literary, artistic, political, or scientific value with respect to what is appropriate for minors. However, First Amendment jurisprudence dictates that the government may only regulate the sale and distribution of erotic, as opposed to violent, media. Only when an expressive work crosses a certain line of eroticism will the courts approve restrictions on otherwise protected speech. In contrast, China’s regulatory regime is much more stringent and violence and horror are reviewed as well.

D. Industry Self-Regulation
Going forward, the Measures also establish a system mandating self-examination and active supervision for online game operators. This requires them to employ professionals to examine content and business behaviors to ensure compliance with the law and when the local operator/distributor of an imported online game is replaced by a foreign company, the successor must reapply to the PRC Ministry of Culture for approval.

4. Online Game Real Name System
To implement the policy objectives of protecting minors and protecting societal interests, online game operators are required to adopt technical measures to prohibit minors from accessing “inappropriate” games or offending game functions and, in order to prevent minors from excessive play online, operators are also requested to limit playing time for minors.

Controversy regarding the Internet Real-name System first started in 2002, but this concept still found its way in a series of legislation afterwards, such as the “Online Game Anti-addiction System” and the "Online Shop Real-name system" . The “Online Game Anti-addiction System” is intended to control the playing time of minors and therefore requires that online game users must submit their personal information to complete registration in order to identify which players are minors that need to be protected. In addition, the Legislature intends to have technical measures to be implemented by online game operators that would not only prohibit minors from accessing inappropriate games or game functions, but also be useful in resolving disputes arising out of online games.

However, the effectiveness of the real name system depends on how it is implemented. Challenges include the technical restraints of online game operators and simple lack of incentives for implementation by the operators. Enforceability of this system is also expected to be quite poor as users may just use another person's identification certificate, fabricate information, or even login to overseas online game servers via proxy IPs. According to the Measures, online game operators are responsible for collecting and keeping the personal information submitted by online game users , so how to protect this information and avoid leaks is a major concern for most online netizens.

There is no legal requirement for registering real names and IDs in online games in the U.S. The U.S. Supreme Court has found the concept of "privacy" to be protected by a number of the Amendments, typically known as a "penumbra right". Thus, there are no legal requirements requiring use of any real names for internet games, although occasionally individual companies may require it. Past experience, however, has shown that most gamers stage a revolt when one is suggested by individual companies. On July 6, 2010, for example, Blizzard Entertainment announced that it will display the real names tied to user accounts in its game forums. Blizzard Entertainment, with Facebook, agreed to allow Facebook friends to share their real identity. The integration of this feature has created a major uproar among the fans of the game and was eventually cancelled.

III. Conclusion
Compared with that of the U.S. and other jurisdictions, China has a markedly more stringent regime for governing online video games. Greater restrictions are placed on market access, content, and what is permissible for minors. The policy behind this is to protect domestic political and societal interests. Special care and attention should be placed on the selection of the Chinese licensee, working with them to obtain content and import approval, the protection of minors, and instituting the required technical requirements. The alternative is to face bans or long delays. However, foreign game developers are able to operate and take advantage of China’s massive online community by playing by its rules.

On 11 August 2008, ALRC released a report "For Your Information: Australian Privacy Law and Practice". The report is a massive 3,000 pages and adopts a "principles-based" approach to regulation by making 295 recommendations. These changes will impact on all private sector organisations and the way in which they collect, use or disclose personal information.
The ALRC's view is that "principles-based" regulation should be the primary method of regulating information privacy in Australia, supplemented by specific rules to address particular issues that arise in relation to certain industries. This "principles-based" approach contrasts to "bright line" or "complex and detailed rules" approaches where rules for specific situations are detailed in legislation.

The ALRC has recommended a basic restructure of privacy regulation following a three-tiered approach:
 

1) high-level principles of general application, to be encapsulated as the new "Unified Privacy Principles" ("UPPs")provided in a streamlined Privacy Act;

2) regulations and industry codes detailing the handling of personal information in certain specified contexts, such as health and research and credit reporting; and

3) the issuance of further guidance by the Privacy Commissioner (and other relevant regulators) dealing with operational matters and explaining to end users what is expected in various circumstances, as well as providing basic advice and education.
 

Principles-based privacy regulation has advantages, as well as shortcomings, for private sector organisations. It often means that legislative certainty is compromised: flexibility for a regulator to respond to changed circumstances is achieved at the expense of predictability, with the result that an organisation can never be sure of the rules. Provided, however, that the regulator implementing the principles gives clear guidance as to how they are to be applied at any particular point in time and provides adequate notice of changes to that guidance, principles-based regulation can have the benefit of allowing the law to adapt to rapidly-evolving areas, particularly to address the privacy implications of new and emerging technologies.
 

Across the waters, China's legislature is watching Australia work through its imminent privacy overhaul. Currently, China's Constitution Law prohibits the infringement of the inherent dignity of the human person and their residence, and protects freedom and security of communication. Personal Privacy is partly and principally protected under the fundamental laws. Notwithstanding that there is no express right to privacy in China's Civil Law General Principles , the administrative laws and regulations contain special regulations regarding protection of privacy based on investigation, secrecy and public hearings. The scope of personal information is expanded to include the sale of personal information pursuant to the Amendments to the Criminal Law (VII) (draft) . In addition, disadvantaged groups and professionals, such as minors, lawyers, and doctors, are required to take steps for protection of clients' personal information. In civil judicatory trials, the People's Court is required to accept matters where a party makes a claim for damages as a result of psychological harm caused due to infringement of their privacy. However, the claimant can only bring an action for compensation to the extent that their reputation is damaged from infringement of their privacy . There is no specific mention in the regulations about when an invasion of privacy takes place but does not lead to infringement of reputation. Overall, regulation in respect of protection of privacy in China is scattered and the scope of personal information requires clarification, especially in relation to what constitutes personal information. 
 

Click here for complete article.

The current legal protections for personal information appear loosely in various laws including the Constitution and other Civil and Criminal Laws. The protections are presented in the forms of certain individual articles in the varying pieces of legislation. These provisions mainly protect a citizen's right to communications freedom, communications security and privacy in general and do not cover basic personal information such as personal address, phone numbers, etc.

Furthermore, the current applications of these articles are limited. Take for example the “crime of infringing upon a citizen's right to freedom of correspondence” provided for in the Criminal Law, Article 252, which provides not only the true intent of the law (the right to freedom of correspondence), the target of crime (the letters) but also requires “the circumstance is serious” as the standard of conviction. It is not easy for these provisions to be adapted to the developments of the information age as writing physical letters has declined.

In deliberating the Draft, a strong message that the constitutional principle of “respect for and insuring Human Rights” will also be embodied in the field of personal information protection, and such protection will mark an important step for respecting personal liberty and dignity.

Even more exciting is that the legislative process for the Personal Information Protection Law, started in 2005, is now entering a new phase. The Personal Information Protection Law (Draft) has been submitted to the State Council for discussion. We are now looking forward to success during the deliberation  as well as the release of the Personal Information protection Law in the near future. This will help create a comprehensive system for the protection of personal information and provide effective legal safeguards to right of privacy.

个人信息法律保护的新发展

那些为一对一辅导、售楼信息、不厌其烦的保险代理骚扰的人们终于看见了喧嚣世界突然安静下来的曙光。

8月25日，十一届全国人民代表大会常务委员会第四次会议对《中华人民共和国刑法修正案（七）（草稿）》进行初审。该草案首次提出对公民个人信息进行刑法保护，引发了社会各界的广泛关注。

现行法律对个人信息的保护主要散落在宪法、刑法、民商事法律等领域，以单行法中个别条款的方式表现。这些条款以保护公民通信自由及通信秘密、隐私权为主，未涵盖基本的个人信息，例如住址及电话等，且保护条件较为严苛。以现行刑法中的“侵犯通信自由罪”为例，该罪不仅规定了特殊的犯罪客体和犯罪对象，还以“情节严重”为定罪起点。仅依靠这些条款的保护力度显然落后于信息时代的发展要求。

《刑法修正案（七）（草稿）》的审议无疑发出了一个强烈的信号，即随着社会进步，尊重和保障人权的宪法原则在个人信息保护领域得以具体化，体现了法律和社会对个人自由和尊严的尊重。

更为可喜的是，2005年启动的个人信息保护法立法程序现已进入新阶段。《个人信息保护法（草案）》已呈交国务院讨论。我们期待着《刑法修正案（七）》能够顺利通过审议，更进一步期待《个人信息保护法》尽早出台。从而形成较为完善的中国个人信息保护法律体系，使公民解脱“透明人”的担忧，公民个人隐私、尊严及安全得到切实有效的法律保障。

李咏梅, 国内诉讼仲裁组