In 2020 the Ministry of Industry and Information Technology issued the Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries for public comment. According to the draft guidelines, the data security standards system for telecoms and internet industries comprises four categories: basic and general standards, critical technology standards, security management standards and critical field standards.
In August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment. According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure will focus on capability domain level, graded protection and cryptography.
In August 2020 the National Information Security Standardisation Technical Committee released the Information Security Technology – Method of Boundary Identification for Critical Information Infrastructure (Draft for Comment) for public opinion. The draft provides six factors that should be considered when identifying the boundaries of critical information infrastructure: critical business, network facilities, information systems, critical business information, critical business information flows and basic operation environments.
The Standardisation Administration and four other government departments recently issued the Guide to the Building of a National Standard Framework for New Generation Artificial Intelligence. The guide requires that the top-level design of AI standardisation should be clarified by 2021 when more than 20 key standards in key general technologies, technologies in key fields and ethics have been preliminarily researched.
In August 2020 the Ministry of Industry and Information Technology and five other government agencies issued the Circular on Organising and Implementing the Recommendation of National Green Data Centres. According to the circular, all regions will recommend a batch of well-managed and representative data centres featuring high-energy efficiency and advanced technology in major application fields in accordance with the Evaluation Indicator System for Green Data Centres.
The consultation period for the Information Security Technology – Security Requirements for the Supply Chain of Information Technology Products (Draft for Comment) recently ended. The requirements, as a recommended national standard, will apply to the security management activities of the IT product supply chain for government information systems and critical information infrastructure. They will also provide a reference for the supply chain security management activities of other information systems.
The Secretariat of National Information Security Standardisation Technical Committee recently released the Practical Guide to Cybersecurity Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information to guide app operators to carry out self-assessments. The guidelines provide 28 self-assessment items.
In order to effectively strengthen the protection of users' personal information, the Ministry of Industry and Information Technology issued the Notice on Carrying out the Special Campaign to Promote Governance on Apps that Infringe Upon Users' Rights and Interests, requiring that a national app testing platform management system be launched before the end of August 2020. The testing platform management system is expected to complete testing for 400,000 mainstream apps before 10 December 2020.
The Supreme People's Court and the National Development and Reform Commission recently issued the Opinions on Providing Judicial Services and Supports to Accelerate the Improvement of the Socialist Market Economy System in the New Era. Among other things, the opinions emphasise that the state should strengthen the protection of data rights and personal information security.
The Ministry of Industry and Information Technology (MIIT) recently instructed third-party testing agencies to examine certain mobile apps and issued the Second and Third Batches of Apps that Infringe Upon Users' Rights and Interests, requiring operators of said apps to make rectifications. Numerous apps did not complete their rectifications before the designated timelines. As a result, the MIIT may impose fines.
China Central Television's 3.15 programme recently exposed that third-party software development kit plug-ins for mobile phones were collecting and using users' personal information. In response, the Ministry of Industry and Information Technology immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.
The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
Foreign insurers cannot directly sell insurance products in China unless they have successfully established a joint venture or wholly foreign-owned enterprise (WFOE) insurer in mainland China. In light of Shenzhen's recent pilots and reforms, it is now the most favourable destination for foreign insurers seeking to establish a WFOE in mainland China.
The Anhui Province government recently issued the Regulations on the Development and Application of Big Data in Anhui Province for public opinion. The draft regulations encourage enterprises, universities, scientific research institutions and other organisations and individuals to engage in the research and development of Big Data technology and give full play to the economic value and social benefits of data resources.
The Anti-monopoly Bureau of the State Administration for Market Regulation recently published the Guidelines on Leniency for Horizontal Monopoly Agreements. The guidelines propose a relatively reliable leniency system under the Anti-monopoly Law, which is of great significance for improving the effectiveness of antitrust enforcement, while providing a valuable source of guidance for Chinese market players to follow.
China's antitrust agency's greatest competition concerns in the automobile sector relate to vertical restraints. Possibly underscoring this concern, the newly published Antitrust Guidelines on the Automobile Industry placed its main focus on clarifying issues arising therefrom. To help companies in the automobile industry better make their own assessments on antitrust compliance in China, this article explains the antitrust rules relating to vertical restraints provided in the guidelines and analyses their implications.
The Central Committee of the Communist Party of China and the State Council have jointly issued the Master Plan for the Construction of the Hainan Free Trade Port. According to the plan, the aim is for the port to be completed and operational as a globally influential duty-free trading centre by 2050. Among other things, the port is expected to open up value-added telecoms services and gradually remove restrictions on the percentage of enterprises' shareholdings which can be held by foreign investors.
In May 2020 the National People's Congress passed the Civil Code, which will take effect on 1 January 2021. The Civil Code includes special provisions on the protection of privacy and personal information and provides that personal information pertaining to natural persons should be protected as a fundamental civil right. The processing of personal information should adhere to the principles of lawfulness, legitimacy and necessity, and excessive and unreasonable processing is prohibited.
While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it applies these laws more broadly and makes it easier for individuals to take civil action in relation to breaches. As such, privacy and personal information protection laws are likely to be enforced more often and more broadly in China from 2021 onwards. Companies that process personal information in China should ensure that their existing privacy practices comply with the new Civil Code.