Stay networked. Get informed. Broadcast your projects.
(unofficial English translation)
The Decision of the Standing Committee of the National People’s Congress on Strengthening
Internet Information Protection
(Adopted at the 30th Session of Standing Committee of the 11th National People’s Congress on December 28, 2012)
In order to protect Internet information security, safeguard the legitimate rights and interests of citizens, legal persons
and other organizations, and maintain national security and the public interest, the following is hereby decided that:
1. The State protects electronic information capable of personal identification and involving a citizens’ privacy.
No organization or individual may steal or otherwise illegally acquire a citizen’s personal electronic information, or sell or
unlawfully provide a citizen’s personal electronic information to others.
2. Internet service providers and other enterprises and institutions that collect or use citizens’ personal electronic information
in the course of their business shall follow the principles of lawfulness, timeliness and necessity, and clearly explain the purpose,
method and scope of collection and use of the information, and shall not, collect or use information in a manner that violates the
provisions of laws and regulations, or the agreement of the parties without the approval of the individual whose information is collected.
Internet information providers and other enterprises and institutions that collect or use citizens’ personal electronic information shall make their rules for collection and use publicly available.
3. Internet service providers and other enterprises and institutions and their employees must strictly maintain the confidentiality of citizens’ personal electronic information collected during the course of their business and may not disclose, falsify, damage, sell or illegally provide it to others.
4. Internet service providers and other enterprises and institutions shall adopt technical and other necessary measures, ensure information security, and prevent the disclosure, damage or loss of citizens’ personal electronic information collected during the course of their business. When information is or may be disclosed, damaged or lost, remedial measures shall be immediately adopted.
5. Internet service providers shall strengthen the management of their users’ information; if a provider discovers information published or transmitted contrary to laws or regulations, it shall immediately cease transmitting the information and adopt measures to remove and handle it, retain relevant records, and report to the relevant competent agency.
6. Service providers that handle Internet access procedures for website access services, fixed-line and mobile telephone applications, etc., for users, or that provide information publication services for users, shall require a user to provide his/her real identity when entering into an agreement with the user or confirming the services to be provided.
7. No organization or individual may send commercial electronic information to a fixed-line or mobile telephone or an individual’s e-mail box unless the electronic information recipient has agreed or requested the electronic information or if the recipient clearly expresses his/her opt-out.
8. A citizen who discovers Internet information that discloses an individual’s identity, broadcasts an individual’s private affairs or otherwise infringes on his/her lawful rights and interests, or who suffers harassment from commercial electronic information, has the right to require the Internet service provider to delete the information or take other measures necessary to stop it.
9. Any organization or individual has the right to report or file a complaint with the relevant competent agency regarding the criminal conduct of stealing or otherwise unlawfully acquiring, selling or providing to others a citizen’s personal electronic information, as well as regarding other network information-related criminal conduct. Upon receiving a report or complaint, the agency shall process it promptly in accordance with law. A person whose rights have been infringed can initiate litigation in accordance with law.
10. A relevant competent agency shall carry out its duties within the scope of its mandate in accordance with law, adopt technical and other necessary measures, and prevent, halt and investigate the criminal conduct of theft or other unlawful acquisition, sale or provision of a citizen’s personal electronic information to others, as well as other Internet information-related criminal conduct. Internet service providers shall cooperate and provide technical support to the relevant competent agency in the course of performing its duties in accordance with law.
State agencies and their employees shall maintain the confidentiality of citizens’ personal electronic information learned in the course of carrying out their duties, and shall not disclose, falsify, damage, sell or illegally provide it to others.
11. Conduct violating this decision shall be subject to penalties, such as warnings, fines, confiscating unlawful gains, revoking licenses or cancelling registrations, terminating websites, prohibiting responsible employees from engaging in the network services business and recordation in social credit files and public announcements. Conduct that constitutes a violation of public security management shall be subject to public security management penalties in accordance with law. Conduct that constitutes a crime shall be investigated for criminal liability in accordance with law. Conduct that infringes a citizen’s civil rights and interests shall be subject to civil liability in accordance with law.
12. This Decision shall become effective on the day it is publicly announced.
Comments are closed for this blog post