A Guangdong province public security bureau recently fined an individual for using virtual private network (VPN) software to evade Chinese internet censorship in accordance with the Interim Provisions of the People's Republic of China governing the International Interconnection of Computer-Based Information Networks. Although the provisions were enacted in 1996, this is reportedly the first time that an individual has been punished for using VPN software to evade internet censorship.
The Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation recently announced that they had launched a campaign to stop apps from unlawfully collecting and processing personal data. The announcement sets out the obligations of various parties with regard to the collection and processing of personal data, including app operators, associations, authorities and public security organs.
The National Information Security Standardisation Technical Committee recently published the draft Information Security Technology – Personal Information Security Specifications for public comment. Among other amendments, the draft has revised the exceptions regarding authorisation and consent by personal information subjects, introduced rules concerning the merger of personal information and promoted the importance of data protection officers and departments.
The Cybersecurity Bureau of the Ministry of Industry and Information Technology recently released its checking results for seven inspected telecom enterprises and required them to rectify the loopholes and vulnerabilities of their networks or systems as notified. The inspected telecom enterprises were found to have had a number of major issues, including medium and high-risk loopholes in their business systems and equipment (including their official websites).
The Ministry of Public Security recently released the Guideline for Internet Personal Information Security Protection (Draft for Comment) to solicit public opinions. The guideline requires that personal information holders implement a series of security protection measures. Among others, these include a management mechanism, which involves building firewalls to protect enterprises from criminal risks, and technical measures to ensure that network operations are secure for internet inspection purposes.