Samuel Yang
Lawyer biography
Samuel is a partner of AnJie Law Firm. He has rich experience in the areas of Technology, Media and Telecommunications (TMT). He has worked as in-house counsel and external lawyer in these areas for more than 15 years. He advises clients on a wide range of regulatory, commercial and corporate matters, such as telecommunications, cybersecurity, data protection, e-commerce, social networking, online games, hardware and software, technology procurements and transfers, distribution and licensing, and other technology-related matters. He also advises clients on compliance, dispute resolution and employment.
Before he joined AnJie, Sam worked for British Telecom, CMS Cameron McKenna and DLA Piper.
Updates
Tech, Data, Telecoms & Media
Proposal to tighten controls on import and export of commercial cryptography products
China | 29 January 2021In August 2020 the State Cryptography Administration released the Regulations for the Administration of Commercial Cryptography (Draft for Comment). The draft regulations provide that the import of commercial cryptography products on the Commercial Encryption Import Licence List and the export of commercial cryptography products on the Commercial Encryption Export Control List should be subject to the import and export licence for dual-use items issued by the State Council.
Ministry of Commerce to launch pilot programme on cross-border data transfer security management
China | 22 January 2021In August 2020 the Ministry of Commerce issued the Master Plan for Comprehensively Deepening the Pilot Programme on the Innovative Development of Trade in Services. The plan covers 28 provinces and municipalities directly under the central government, including Beijing, Tianjin and Shanghai. The pilot programme, which concerns cross-border data transfer security management, will run for three years.
Draft Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries
China | 15 January 2021In 2020 the Ministry of Industry and Information Technology issued the Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries for public comment. According to the draft guidelines, the data security standards system for telecoms and internet industries comprises four categories: basic and general standards, critical technology standards, security management standards and critical field standards.
Method for evaluating security protection capabilities of critical information infrastructure
China | 08 January 2021In August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment. According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure will focus on capability domain level, graded protection and cryptography.
Consultation on proposed method of boundary identification for critical information infrastructure
China | 18 December 2020In August 2020 the National Information Security Standardisation Technical Committee released the Information Security Technology – Method of Boundary Identification for Critical Information Infrastructure (Draft for Comment) for public opinion. The draft provides six factors that should be considered when identifying the boundaries of critical information infrastructure: critical business, network facilities, information systems, critical business information, critical business information flows and basic operation environments.
Guide to the Building of a National Standard Framework for New Generation Artificial Intelligence
China | 04 December 2020The Standardisation Administration and four other government departments recently issued the Guide to the Building of a National Standard Framework for New Generation Artificial Intelligence. The guide requires that the top-level design of AI standardisation should be clarified by 2021 when more than 20 key standards in key general technologies, technologies in key fields and ethics have been preliminarily researched.
Six government agencies call for recommendation of national green data centres in 2020
China | 27 November 2020In August 2020 the Ministry of Industry and Information Technology and five other government agencies issued the Circular on Organising and Implementing the Recommendation of National Green Data Centres. According to the circular, all regions will recommend a batch of well-managed and representative data centres featuring high-energy efficiency and advanced technology in major application fields in accordance with the Evaluation Indicator System for Green Data Centres.
Consultation on Security Requirements for the Supply Chain of Information Technology Products
China | 13 November 2020The consultation period for the Information Security Technology – Security Requirements for the Supply Chain of Information Technology Products (Draft for Comment) recently ended. The requirements, as a recommended national standard, will apply to the security management activities of the IT product supply chain for government information systems and critical information infrastructure. They will also provide a reference for the supply chain security management activities of other information systems.
NISSIT issues self-assessment guidelines for apps to collect and use personal information
China | 06 November 2020The Secretariat of National Information Security Standardisation Technical Committee recently released the Practical Guide to Cybersecurity Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information to guide app operators to carry out self-assessments. The guidelines provide 28 self-assessment items.
MIIT launches special campaign to promote governance of apps that infringe rights and interests
China | 30 October 2020In order to effectively strengthen the protection of users' personal information, the Ministry of Industry and Information Technology issued the Notice on Carrying out the Special Campaign to Promote Governance on Apps that Infringe Upon Users' Rights and Interests, requiring that a national app testing platform management system be launched before the end of August 2020. The testing platform management system is expected to complete testing for 400,000 mainstream apps before 10 December 2020.
Strengthening protection of data rights and personal information security
China | 23 October 2020The Supreme People's Court and the National Development and Reform Commission recently issued the Opinions on Providing Judicial Services and Supports to Accelerate the Improvement of the Socialist Market Economy System in the New Era. Among other things, the opinions emphasise that the state should strengthen the protection of data rights and personal information security.
MIIT exposes second and third batches of apps infringing users' rights and interests
China | 16 October 2020The Ministry of Industry and Information Technology (MIIT) recently instructed third-party testing agencies to examine certain mobile apps and issued the Second and Third Batches of Apps that Infringe Upon Users' Rights and Interests, requiring operators of said apps to make rectifications. Numerous apps did not complete their rectifications before the designated timelines. As a result, the MIIT may impose fines.
MIIT to crack down on SDK plug-ins' unlawful collection and use of personal data
China | 02 October 2020China Central Television's 3.15 programme recently exposed that third-party software development kit plug-ins for mobile phones were collecting and using users' personal information. In response, the Ministry of Industry and Information Technology immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.
Shenzhen proposes local data protection regulations to protect data rights
China | 25 September 2020The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
State Council to formulate CII security protection regulations
China | 18 September 2020The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
Anhui Province proposes regulations to boost development and application of Big Data
China | 11 September 2020The Anhui Province government recently issued the Regulations on the Development and Application of Big Data in Anhui Province for public opinion. The draft regulations encourage enterprises, universities, scientific research institutions and other organisations and individuals to engage in the research and development of Big Data technology and give full play to the economic value and social benefits of data resources.
Hainan free trade port: gradual removal of restrictions on foreign investment in telecoms industry
China | 28 August 2020The Central Committee of the Communist Party of China and the State Council have jointly issued the Master Plan for the Construction of the Hainan Free Trade Port. According to the plan, the aim is for the port to be completed and operational as a globally influential duty-free trading centre by 2050. Among other things, the port is expected to open up value-added telecoms services and gradually remove restrictions on the percentage of enterprises' shareholdings which can be held by foreign investors.
New Civil Code highlights privacy and personal information protection
China | 21 August 2020In May 2020 the National People's Congress passed the Civil Code, which will take effect on 1 January 2021. The Civil Code includes special provisions on the protection of privacy and personal information and provides that personal information pertaining to natural persons should be protected as a fundamental civil right. The processing of personal information should adhere to the principles of lawfulness, legitimacy and necessity, and excessive and unreasonable processing is prohibited.
Personal data protection under newly issued Civil Code
China | 14 August 2020While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it applies these laws more broadly and makes it easier for individuals to take civil action in relation to breaches. As such, privacy and personal information protection laws are likely to be enforced more often and more broadly in China from 2021 onwards. Companies that process personal information in China should ensure that their existing privacy practices comply with the new Civil Code.
App governance panel issues special governance report on illegal collection of personal information
China | 07 August 2020The App Special Governance Panel recently issued the 2019 Special Governance Report on Apps for Illegal Collection and Use of Personal Information, summarising governance efforts from January 2019. According to the report, illegal collection and use activities by apps will be cracked down on and enterprises' capacity to protect personal information will be greatly improved. Further, knowledge of personal information protection by apps should be extensively available.
Mobile financial apps must be filed with National Internet Finance Association of China
China | 31 July 2020According to the Notice of the People's Bank of China on Issuing Financial Industry Standards on Strengthening the Security Management of Mobile Financial Client Application Software, the National Internet Finance Association of China has organised a real-name filing for mobile financial apps. There are 73 apps in the first batch to be filed with the association.
MIIT finds that 16 app operators infringed users' rights and interests
China | 24 July 2020The Ministry of Industry and Information Technology (MIIT) recently established third-party testing institutions to monitor mobile apps and ordered app operators found to have infringed users' rights and interests to rectify this problem. The MIIT subsequently found that 16 app operators had failed to meet the rectification requirements and ordered them to comply with its request.
Network Security Department achieves preliminary results in campaign against illegal apps
China | 17 July 2020In the first quarter of 2020, the Network Security Department of the national public security organs reportedly developed its functions, strengthened the protection of citizens' personal information and investigated and dealt with 386 illegal apps for collecting citizens' personal information in accordance with the law. This article provides a brief summary of the department's activities.
Cyberspace Administration of China launches 2020 clean up the Internet campaign
China | 10 July 2020To further regulate the dissemination of information online and protect the public interest, the Cyberspace Administration of China (CAC) recently launched a nationwide clean up the Internet campaign lasting for eight months from May 2020. According to the CAC, the campaign comprehensively covers various online communication channels and platforms and aims to remove illegal and harmful information from the Internet.
SAMR and NISSTC require Grade 2 cybersecurity protection or higher for targets of classified protection
China | 03 July 2020The State Administration for Market Regulation and the National Information Security Standardisation Technical Committee recently released the Information Security Technology Classification Guide for the Classified Protection of Cybersecurity to provide methods and procedures for the classification and protection of information systems and other protection targets which do not involve state secrets (collectively known as 'targets of classified protection').
Special governance of illegal collection of personal information by COVID-19-prevention and control apps
China | 29 May 2020The Tianjin Cyberspace Administration recently issued a circular which requires the operators of apps (including mini-programs and website tools) for the prevention and control of COVID-19 to fulfil personal information obligations in accordance with the law, provide relevant information on personal information protection online and carry out security-based self-assessments and rectification processes, where required.
MIIT interviews Sina Weblog for data breach issues
China | 15 May 2020The Network Security Administration of the Ministry of Industry and Information Technology (MIIT) recently interviewed the party responsible for the Sina Weblog App regarding a data breach caused by malicious use of the user query interface. Sina Weblog replied that it has upgraded its interface security strategy and will perform its data protection obligations according to MIIT's instructions.
NISSTC seeks comments on personal information security guidelines for apps
China | 08 May 2020The National Information Security Standardisation Technical Committee recently released the Network Security Standard Practice Guidelines – Guidelines for Personal Information Security Protection by Apps for public consultation. Based on the statistics released by certain assessment tools and the typical issues which have come to light due to the COVID-19 pandemic, the guidelines summarise 10 activities which app operators should avoid.
Personal information should be well protected during COVID-19 pandemic
China | 24 April 2020In order to protect personal information during the prevention and control phases of the COVID-19 pandemic, the Office of the Central Cyberspace Affairs Commission issued the Circular on Ensuring Effective Personal Information Protection and Utilisation of Big Data to Support Joint Efforts for Epidemic Prevention and Control. This article examines the circular's main requirements.
Institutions without financial qualifications not authorised to collect sensitive personal financial information
China | 17 April 2020The National Financial Standardisation Technical Commission recently issued the Personal Financial Information Protection Technical Specification to regulate the secure management of personal financial information. Based on the damaging effects of unauthorised access to or the modification of such information, institutions without the corresponding financial qualification are not authorised to collect certain types of personal financial information.
MIIT releases guidelines on classification and grading of industrial data
China | 03 April 2020The Ministry of Industry and Information Technology recently released the Guidelines on Classification and Grading of Industrial Data (On Trial) to guide industry and IT administrations, industrial enterprises and industrial internet platform enterprises in carrying out the classification and grading of industrial data. According to the guidelines, 'industrial data' refers to data generated and applied throughout the lifecycle of products and services in the industrial sector.
New personal information security specification released
China | 27 March 2020The State Administration for Market Regulation and the Standardisation Administration recently released a national standard circular to announce that the Information Security Technology – Personal Information Security Specification (Specification 2020) and seven additional national standards have been issued and will take effect on 1 October 2020. Specification 2020 was revised based on the Information Security Technology – Personal Information Security Specification which came into effect in 2018.
How should companies handle employee personal information during novel coronavirus outbreak?
China | 06 March 2020The novel coronavirus pneumonia has been classified as a Class B infectious disease under the Law on the Prevention and Treatment of Infectious Diseases and preventive and control measures for Class A infectious diseases have been taken. To cooperate with the state epidemic control measures and protect employees' health, employers must provide outbreak-related information on their employees, resulting in some special legal issues regarding personal information protection.
Beijing Communications Administration examines app network and data security
China | 31 January 2020The Beijing Communications Administration recently organised a two-month examination of the network and data security of apps to target the illegal, compulsory and excessive collection of user information. The examination selected 50 apps with a certain influence and number of users, covering social media, online rental and automotive services, online education, finance, online medical care, basic telecoms enterprises and six other areas.
Publication of cybersecurity threat information subject to government approval
China | 24 January 2020The Cyberspace Administration of China recently published the Administration Measures for Releasing Cybersecurity Threat Information (Draft for Comments) to solicit public opinions. According to the draft measures, the publication of cybersecurity threat information must be reported to regulators in a number of specific circumstances.
OnDemand: Cybersecurity trends and issues: China
China | 17 January 2020The Chinese government has been cracking down on the unreasonable collection of personal data, introducing a number of new guidelines to ensure compliance in this regard. On the horizon in 2020 is the potential finalisation of the cross-border transfer rules, which – in their current form – impose stringent requirements on affected companies. This video looks at China's recent approach to cybersecurity and what companies should do to ensure compliance.
Educational apps must be filed with education administrative departments
China | 10 January 2020The Ministry of Education recently published the Administrative Measures for the Filing of Educational Apps. The administrative measures require providers of educational apps and institutional users of educational apps to go through filing procedures and indicate that the ministry is tightening controls on educational apps in China.
China strengthens regulation of online audiovisual services
China | 03 January 2020The Administrative Provisions on Online Audiovisual Information Services, which were jointly issued by the Cyberspace Administration of China and two other departments in November 2019, recently came into effect. The provisions set out requirements for the creation, distribution and transmission of audio videos based on new technologies and applications such as deep learning and virtual reality.
Shanghai Cyberspace Administration releases 2019 Network Security Incident Contingency Plan
China | 20 December 2019The Shanghai Cyberspace Administration recently released the 2019 Network Security Incident Contingency Plan. According to the contingency plan, network security incidents in Shanghai are classified as Grade I, Grade II, Grade III and Grade IV. If a network security incident occurs, the relevant entity must report it to the competent authority verbally within half an hour and in writing within one hour.
New cryptography law comes into force
China | 13 December 2019The Standing Committee of the National People's Congress recently approved the Cryptography Law. Under the law, cryptography is divided into core cryptography, ordinary cryptography and commercial cryptography. If a commercial cryptography product concerns state security, the national economy, people's livelihoods or social public interests, it will be included in the catalogue of critical network equipment and dedicated cybersecurity products under the law.
Draft rules on collection of personal data by apps revised
China | 06 December 2019The App Governance Panel recently published a new draft of the Information Security Technology – Basic Specification for Collecting Personal Information in Mobile Internet Applications. Among other things, the new draft sets out requirements for apps that contain third-party codes or plug-ins which can collect personal data and revises the list of 'necessary' personal data for a variety of apps.
Revised Personal Information Security Specification released for public consultation
China | 29 November 2019The App Governance Panel recently released a revised version of the Personal Information Security Specification for public consultation following the previous draft versions published in June and January 2019. The revised draft includes amendments regarding unsubscribing from online services and the obligations of data controllers and processors in that regard.
PBoC proposes new rules to regulate collection and processing of personal financial information
China | 08 November 2019The People's Bank of China recently issued the Trial Measures for the Protection of Personal Financial Information/Data (Preliminary Draft) to relevant commercial banks in order to solicit their opinions. It has been reported that under the trial measures, banks and other financial institutions will be unable to obtain personal financial information from third parties that are illegally engaged in personal credit investigation activities.
Guiding Opinions on Promoting the Development of the Network Security Industry published for public comment
China | 01 November 2019The Ministry of Industry and Information Technology recently published the Guiding Opinions on Promoting the Development of the Network Security Industry for public comment. According to the opinions, the ministry aims to have a number of cybersecurity enterprises generating an annual revenue of over Rmb2 billion by 2025. As such, the opinions provide a list of recommendations to that end.
Educational apps must be officially registered by end of 2019
China | 25 October 2019The Ministry of Education and seven other authorities recently published the Opinions on Guiding and Regulating the Orderly and Healthy Development of Educational Apps. The aim is that all educational mobile apps will be registered by the end of 2019. To this end, providers of such apps must file details of their apps with provincial education administrations and adhere to data protection rules.
Regulations on Network Eco-governance issued for public comment
China | 18 October 2019The Cyberspace Administration of China recently published the draft Regulations on Network Eco-governance for public consultation. The regulations apply to the actions of network information content producers, network information content service platforms and network information content service users, which are prohibited from producing illegal or harmful information.
Email addresses and location information likely to fall within scope of 'personal information'
China | 11 October 2019The draft Civil Code was recently submitted to the Standing Committee of the 13th National People's Congress for a third reading. Compared with the first and second drafts, the third draft expands the scope of the definition of 'personal information' to cover email addresses and location information.
Final rules on protection of children's personal information issued
China | 04 October 2019The final version of the Provisions on the Cyber Protection of Personal Information of Children recently came into effect. According to the provisions, network operators must formulate separate rules and user agreements to protect children's personal information and designate a dedicated person to oversee the protection of such information.
New Guiding Opinions on Strengthening Industrial Internet Safety
China | 27 September 2019The Ministry of Industry and Information Technology and nine other authorities recently published the Guiding Opinions on Strengthening Industrial Internet Safety in the context of establishing China's industrial internet security guarantee system. According to the opinions, the industrial internet security guarantee system should be established by the end of 2020 and be a sound and reliable mechanism by 2025.
Cyberspace administration passes review on precondition for purchase contracts for network products and services
China | 02 August 2019The Cyberspace Administration of China recently released the Cybersecurity Review Measures (Draft for Comment). According to the draft, where an operator of critical information infrastructure purchases a network product or service, it must make an ex ante assessment of the potential security risks that could emerge once the product or service is put into operation and produce a security report accordingly.
CAC issues data security rules
China | 26 July 2019The Cyberspace Administration of China recently issued the Administrative Measures for Data Security (Draft for Comment), which include rules on the collection, storage, transfer, processing and use of data in China via websites, as well as data protection and management. Among other things, the draft measures encourage network operators that collect personal information through websites, apps and other products to formulate specific rules regarding the collection and use of such information.
Cyberspace Administration of China issues rules on protection of children's personal information
China | 19 July 2019The Cyberspace Administration of China recently held a public consultation on the Provisions on the Cyber Protection of Personal Information of Children (Draft for Comment). The draft provisions set out a number of recommendations for network operators, including formulating special rules to protect children's personal information and user agreements and employing a personal information protection specialist or designating personnel to oversee the protection of children's personal information.
Cyberspace administration releases new rules on security assessment of cross-border transfers of personal information
China | 12 July 2019The Cyberspace Administration of China recently released the Measures on Security Assessment of Cross-Border Transfer of Personal Information (Draft for Comment). According to the draft, network operators must apply to the provincial-level cyberspace administration for a security assessment before conducting cross-border transfers. Further, network operators must record all cross-border transfers and retain the records for at least five years.
Police authorities issue guidelines on protection of personal information
China | 31 May 2019The Security Protection Bureau of the Ministry of Public Security, the Beijing Cyber Industry Association and Research Institute Number 3 of the Ministry of Public Security recently issued the Guidelines for the Protection of Personal Information Security on the Internet, which set out a series of measures and processes for the protection of personal information. Although the guidelines appear to be non-binding, they are likely to be treated as a statute-like norm.
MIIT cracks down on intrusive telemarketing and misuse of personal information
China | 24 May 2019Following the Chinese Central TV Station's (CCTV's) broadcast of the 3.15 programme in 2019, the Ministry of Industry and Information Technology decided to crack down on telephone harassment and strengthen the protection of personal information in the telecoms and internet sectors. The CCTV will broadcast 3.15 on 15 March each year in order to reveal company activities which infringe consumer rights and interests.
SCC continues to assess unlawful collection of personal information by apps
China | 17 May 2019The Shanghai Consumer Council recently released the results of its assessment of 39 apps, which aimed to evaluate the level of access that they had to users' personal information. The assessment revealed that 25 apps had been over collecting users' personal information and that only 14 apps had actual service-related reasons justifying their collection of sensitive personal information.
New proposal to fine parties which install surveillance in private locations
China | 10 May 2019The Shenzhen Municipality Justice Bureau recently issued draft regulations on the administration of public security video and image systems for public comment. The draft regulations aim to protect public privacy and strengthen internet information security and information sharing by prohibiting the installation of video and image recording systems in certain locations which concern public privacy. Individuals and entities which fail to comply with the regulations will be subject to fines.
SAMR launches campaign to regulate online advertising
China | 03 May 2019The State Administration for Market Regulation recently issued a notification which aims to encourage local market regulatory departments to crack down on false and unlawful online advertising and create a positive market environment for online ads. According to the notification, local market regulatory authorities will investigate and severely penalise unlawful online ads which concern, among other things, politically sensitive, vulgar or socially influential issues.
First individual punished for using VPN to evade internet censorship
China | 29 March 2019A Guangdong province public security bureau recently fined an individual for using virtual private network (VPN) software to evade Chinese internet censorship in accordance with the Interim Provisions of the People's Republic of China governing the International Interconnection of Computer-Based Information Networks. Although the provisions were enacted in 1996, this is reportedly the first time that an individual has been punished for using VPN software to evade internet censorship.
New campaign to stop apps from unlawfully collecting and processing personal data
China | 01 March 2019The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation recently announced that they had launched a campaign to stop apps from unlawfully collecting and processing personal data. The announcement sets out the obligations of various parties with regard to the collection and processing of personal data, including app operators, associations, authorities and public security organs.
Amended personal information security specifications released for public comment
China | 22 February 2019The National Information Security Standardisation Technical Committee recently published the draft Information Security Technology – Personal Information Security Specifications for public comment. Among other amendments, the draft has revised the exceptions regarding authorisation and consent by personal information subjects, introduced rules concerning the merger of personal information and promoted the importance of data protection officers and departments.
MIIT notifies inspected telecom enterprises to rectify loopholes and vulnerabilities
China | 01 February 2019The Cybersecurity Bureau of the Ministry of Industry and Information Technology recently released its checking results for seven inspected telecom enterprises and required them to rectify the loopholes and vulnerabilities of their networks or systems as notified. The inspected telecom enterprises were found to have had a number of major issues, including medium and high-risk loopholes in their business systems and equipment (including their official websites).
Ministry of Public Security releases Guideline for Internet Personal Information Security Protection
China | 25 January 2019The Ministry of Public Security recently released the Guideline for Internet Personal Information Security Protection (Draft for Comment) to solicit public opinions. The guideline requires that personal information holders implement a series of security protection measures. Among others, these include a management mechanism, which involves building firewalls to protect enterprises from criminal risks, and technical measures to ensure that network operations are secure for internet inspection purposes.
Cyberspace Administration of China issues regulations for financial information service providers
China | 18 January 2019The Cyberspace Administration of China recently issued the Administrative Regulations on the Provision of Financial Information Services. Under the regulations, parties must obtain the corresponding permits before they can provide various financial information services. Further, service providers must establish service specifications regarding information content auditing, data retention, information security and personal information and IP protection.
NHC issues guidelines on Big Data security for healthcare industry
China | 04 January 2019The National Health Commission recently released the Circular regarding Issuing National Health Medical Big Data Standards, Safety and Service Management Measures (For Trial Implementation). The circular provides guidelines regarding the standards and security of Big Data in the healthcare industry, as well as service management measures. As the circular is considered to mark the Cybersecurity Law's implementation in the healthcare industry, most of its security measures are derived from the law.
Apple ID constitutes personal information which may affect personal and property safety
China | 21 December 2018In one of the Guangdong province's top 10 internet cases of 2017, the court found that Apple IDs constitute personal information which may affect other parties' personal and property safety. As such, the two defendants concerned were convicted of infringing citizens' personal data rights after more than 1,200 pieces of personal information were found on their computers. This decision is believed to have had a demonstrable effect on the handling of similar cases.
Ministry of Public Security publishes rules on supervision and inspection of internet security
China | 14 December 2018The Ministry of Public Security recently released the Provisions on the Supervision and Inspection of Internet Security by Public Security Organs. According to the provisions, public security organs must supervise and inspect internet service providers and network entity users that provide a range of internet-related services. They also list certain powers that public security organs may use when supervising and inspecting internet security on-site.
Pilot work commences on critical information infrastructure security examination assessment guidelines
China | 07 December 2018The National Information Security Standardisation Technical Committee recently held a meeting to commence the pilot work on the Information Security Technology – Guidelines for Critical Information Infrastructure (CII) Security Examination Assessment (For Approval). The pilot work will focus on the reasonability and practicability of the guidelines. Twelve CII operators from the telecoms, internet, transportation, energy, finance, e-government and public services industries have been selected as pilot units.
SHCA criticises telecoms and internet companies for failing to improve network security
China | 16 November 2018The Shanghai Communications Administration (SHCA) recently criticised four telecoms and internet companies for failing to improve their network security monitoring and forecasting systems and report important matters to the SHCA. The SHCA ordered the companies to rectify these failings and emphasised that telecoms and internet companies have a number of obligations in order to ensure the security and stability of Shanghai's public networks.
MIIT to carry out 2018 network security inspection
China | 04 September 2018The Ministry of Industry and Information Technology recently released its Notification on the Network Security Inspection of the Telecom and Internet Industry in 2018. According to the notification, the inspection will cover the networks and systems established and operated by, among other players, internet enterprises and domain name registration administration and service organisations licensed by telecoms regulators.
Government launches nationwide security inspection and correction campaign for Big Data applications
China | 07 August 2018The Ministry of Public Security recently launched a nationwide security inspection and correction campaign regarding Big Data applications in China. This campaign is one of a series of network security inspection projects which target key information systems, critical information infrastructure and Big Data. The Big Data campaign focuses on the level of supervision, security and protection afforded in the collection, storage, application, transfer and destruction of such data.
NISSTC seeks comments on personal information security impact assessments
China | 10 July 2018The National Information Security Standardisation Technical Committee recently released the Information Security Technology – Guide to the Personal Information Security Impact Assessment (Draft for Comment). The guide provides direction on the personal information specification and stipulates the basic concepts, framework, methods and procedures regarding personal information security impact assessments.
Digital China Construction and Development Report released
China | 03 July 2018The State Internet Information Office recently released the Digital China Construction and Development Report (2017), laying a foundation for further enhancing China's network security protection capabilities. The report urges China to, among other things, establish a 'correct' view of cybersecurity, strengthen the top-level design of its network security and improve its network security laws and regulations.
Cyber and information standardisation committee issues GDPR guidelines
China | 26 June 2018The EU General Data Protection Regulation (GDPR) recently came into force, with impact on a global scale. On the same day, the secretariat of the National Information Security Standardisation Technical Committee published the Network Security Practice Guidelines: EU GDPR Key Issues, setting out some key areas of the GDPR which Chinese companies should account for in their practices.
MIIT issues guidelines on commercialisation of mobile communications resale services
China | 13 June 2018The Ministry of Industry and Information Technology (MIIT) recently issued its Notice on the Formal Commercialisation of Mobile Communications Resale Services, under which private enterprises, state-owned enterprises and foreign-invested enterprises may apply to undertake mobile communications resale services. Applicants must apply to the MIIT or their regional communications administration for the corresponding telecoms business licence and submit contracts signed by the major telecoms companies.
PBC further enhances its management of security measures for credit information
China | 05 June 2018The People's Bank of China (PBC) recently released its Circular on Further Intensifying the Management of Credit Information Security. According to the circular, the PBC will intensify its management of credit information security by, among other things, practically raising awareness around the management of such information and strengthening information subjects' responsibilities in this regard. It will also optimise operational and control procedures for credit-related businesses.
MIIT continues campaign to clear and regulate internet access service market
China | 29 May 2018The Ministry of Industry and Information Technology (MIIT) recently released its Notice to Further Clear and Regulate the Internet Access Service Market. According to the notice, the campaign to clear and regulate the internet access service market has been extended to March 31 2019 in order to solidify the accomplishments achieved and investigate the issues found thus far pursuant to the notice of the same name issued by the MIIT in January 2017.
New measures introduced to regulate scientific data sharing and management
China | 15 May 2018The General Office of the State Council recently issued the Measures for the Management of Scientific Data, which aim to improve and standardise the management of scientific data, safeguard scientific data security and encourage transparency and the sharing of scientific data. This is the first time that China has released measures which regulate scientific data at the national level. However, compared with some European countries and the United States, China still has far to go in this regard.
