By Jiang Junlu and Jin Shan King and Wood Mallesons’ Labor & Employment Group

We receive a bunch of unwanted text messages, email spam, commercial calls and mail solicitations every day. All of a sudden, our identities and personal contact information are exposed in public, used by some individuals and institutions for illegitimate purposes with our permissions. We are all the victims of their illegalities.

On December 28, 2012, the Decision regarding Strengthening the Protection of Internet Information (the “Decision”) was passed by the Standing Committee of the National People’s Congress, which was implemented on the same date. The era of online information protection begins.

1. Personal Information Protection

The Decision clearly prohibits any organizations or individuals from obtaining citizen’s electronic information via theft or other illegal means, as well as prohibits them from selling or illegally providing the information to others.

2. Collection and Utilization of Personal Information

Network service providers and other service-related companies shall, in consistence with the principle of legality, legitimacy and necessity, explicitly state their purposes, methods and scopes when collecting and using personal electronic information; such collection and use shall receive permissions from information providers that are subject to laws, regulations and mutual agreements.

Relevant rules concerning the collection and utilization of personal information shall be released by network service providers and other service-related companies. Meanwhile, the Decision bans such institutions from disclosing, altering or damaging collected information, as well as from selling or illegally providing it to others.

Furthermore, the Decision specifies that network service providers and other service-related companies shall take necessary steps, including but not limited to technical measures to ensure the safety of collected information and avoid any further disclosure, damage or loss. Countermeasures must be adopted immediately when any above-mentioned incidence happens. Service providers are required to promptly stop the transmission of prohibited information once the illegality occurs in order to strengthen the management of collected information, keep records of eliminations of prohibited information and report to upper level authority.

3. Establishment of Network ID Management System

Network service providers who grant users the access to internet, fixed lines, mobile phones and provide users the information posting service, shall require their customers to provide his/her genuine identification information when signing the service agreement or confirming service provisions.

4. Prevention of the Transmission of Unwanted Electronic Information

The Decision emphasizes that no institutions or individuals shall transmit unwanted electronic information to fixed lines, mobile phones or personal emails without receiver’s request or permission, or clearly refused by such person for further receptions.

5. Protection of Personal Privacy

Citizens who discover his/her personal identity and privacy disclosed and spread in public with no permission, or other infringements occurred upon his/her legal rights involving online information, or being harassed by commercial electronic information have their legal rights to request network service providers to delete the related information or take other necessary measures to stop such infringements.

6. Legal Liability

Any violation of this law is subject to a warning, fine, confiscation of illegal income, license revocation, website shutdown, or permanent ban on engaging in web-related business in future, which would also be documented in social credit records and announced publicly. When such illegality constitutes a violation of public security, crime, and/or an infringement of civil right, the administrative penalty, criminal liability and/or civil liability should be imposed respectively.