This bulletin summarises recent cybersecurity and facts protection updates in China to keep you updated on traits. We focus on three regions: regulatory developments, enforcement developments, and enterprise traits.
Regulatory tendencies
Enforcement trends
Industry Developments
Regulatory traits
On 15 March 2019, the Chinese government launched a new certification gadget for application protection to standardize the collection and use of user data, especially non-public facts. The State Administration for Market Regulation and the Office of the Central Cyberspace Affairs Commission issued the Mobile Internet Application (App) Security Certification Implementation Rules. It appointed the China Cybersecurity Review Technology and Certification Centre because of the certification authority. Application operators are recommended to attain security certification voluntarily, and search engines like Google and Yahoo and alertness shops are urged to perceive and prioritize the licensed applications.
2. The Ministry of Industry and Information Technology troubles to steer on areas for industry development
On 14 March 2019, the Ministry of Industry and Information Technology issued steerage to improve regional enterprise standards, including information protection and facts control. The 2019 Guidance on the Construction and Rectification Work of the Information and Communication Industry covers many areas, including personal facts protection and community information security control. The Guidance emphasizes required improvements to inner records security obligation departments, management systems, safety measures, and facts collection and uses rules. Users should be provided with convenient account cancellation services, and specific statements on the cause, technique, and scope of data usage need to be made. Enterprises are advocated to strengthen information protection control for external use and reinforce self-discipline through signing self-discipline conventions and public commitments.
3. Personal data protection law drafting included in this term’s legislative plan
At a press convention held on 4 March 2019, a spokesman for the 13th National People’s Congress showed that the drafting of personal statistics protection regulation had been blanketed within the legislative plan for this term. When answering questions about non-public information security problems, the Congress spokesman, Zhang Yesui, spoke back that there are, in fact, many legal guidelines and policies in China that already involve private facts safety. For instance, the Criminal Law, the General Principles of Civil Law, the Consumer Rights Protection Law, the Cyber Security Law, and the Electronic Commerce Law have all made applicable provisions. However, in standard, the legislative framework is decentralized. The Standing Committee of the National People’s Congress has, consequently, blanketed the drafting of private information protection law within the legislative plan of this term.
4. The Ministry of Education will feature paintings with the network facts branch to control educational applications
On 1 March 2019, the Ministry of Education indicated that it would conduct joint operations with the community data branch to control educational programs. The Ministry issued the Key Points of Education Informatisation and Network Security in 2019. These include plans for the Ministry to analyze and formulate critiques on standardizing educational application management, regulating the creation of 0.33-birthday celebration instructional applications, and developing self-developed academic applications. The Ministry will also be conscious of strengthening the standardized control of studying applications.
Enforcement trends
1. Shanghai Consumer Council tracks issue of utility permissions on non-public records use: no improvement by more than 20%
On 29 March 2019, the Shanghai Consumer Council announced upgrades in permissions to use personal statistics acquired via an internet buying platform and tour and existence carrier applications. Six programs (together with Jumei, Beibei, Qyer, CAR, Gewara, and Baidu Nuomi) failed to treat issues in which the application’s functions did not suit the permissions acquired. The problems concerned features include sending SMS, recording and making calls, analyzing contracts, monitoring outbound calls, resetting the direction of outgoing calls, receiving messages, and analyzing call records.
2. Tianjin Court regulations that TikTok and Duoshan have to prevent right away sharing WeChat user data
On 20 March 2019, the People’s Court in Tianjin ruled that TikTok ought to immediately prevent Duoshan from presenting the WeChat/QQ open platform authorized login. At the same time, Duoshan was also required to prevent the usage of WeChat/QQ user profile pictures and nicknames previously obtained through TikTok.
3. MIIT investigates violations through information and conversation organizations exposed within CCTV three.15 Gala program. The annual 3.15 Gala program, with the aid of China Central Television, revealed a set of businesses that use harassing calls and illegally acquire non-public facts on packages for profit. The Ministry of Industry and Information Technology ordered the uncovered telecommunications companies to shut down the decision traces, make harassing calls immediately, stop the transmission of unlawful numbers, and reinforce the management of telecommunication resources.
The uncovered name center organizations (YiGe Technology, YiLongXinKe, Miaoli Technology, and Lingvo Network) were investigated. The Ministry launched the application shop-connected reaction mechanism right now, requiring the predominant home application shops such as Tencent, Baidu, Huawei, Xiaomi, OPPO, Vivo, and 360 to completely remove the “Social Security at Hand” software. Diggin Network Technology Co., the agency responsible for the “Social Security at Hand” software, will be investigated together with the same applications.
4. The Ministry of Public Security publicizes the outcomes of its “Clean Internet 2018″ unique action. On 7 March 2019, the Ministry of Public Security released the results of its 10-month, countrywide public safety unique motion, “Clean Internet 2018”. More than 57,000 cybercrime instances were detected during the particular activity, and more than eighty-three 000 crook suspects were arrested. Administrative consequences have been imposed more than 34,000 times on net corporations and networked devices, and more than 4.29 million objects of illegal and criminal records were cleared. A supervision machine for the application distribution platform became hooked up to combat unlawful packages, and more than 35,000 applications with malicious packages and acts have been wiped clean up. For online video games, webcasts, quick internet videos, and self-media, the Ministry took action towards 104 enterprises.
