By Lijie Han

China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice).

The draft IIS Measures were issued on June 7, 2012 and are meant to supersede the original measures promulgated on September 25, 2000. Among many proposed amendments, the IIS measures require real-name registration for all Internet users who intend to publicize information on the Internet. In addition, the IIS Measures set forth a 6-month record-keeping period for the information publicized by Internet users, and a 12-month period for Internet content providers and access providers to store user records. The IIS Measures also provide for Internet content providers and access providers’ obligation to keep users’ personal information confidential, and generally prohibit sale, alteration, intentional disclosure and illegal use of users’ personal information.

The draft Smart Mobile Notice, issued on June 1, 2012, sets forth provisions designed to protect users’ personal information and privacy by prohibiting smart mobile device manufacturers from pre-installing or using other methods to have users install any application that contains malicious code, collects or modifies users’ personal information without giving notice and obtaining consent from the users. It also prohibits tampering with the telecommunication functions of mobile devices, causing unauthorized bandwidth use or information leakage without notice to and consent from users. These requirements are also applicable to enterprises which bulk order smart mobile devices from manufacturer and install their own applications on the devices and sell them to users.

In the absence of a unified comprehensive personal data protection law, the above provisions contained in the IIS Measures and the Smart Mobile Notice are meant to address the public’s concerns over unauthorized use of personal data and infringement of privacy by Internet content providers and manufacturers of smart mobile devices, and also represent the Chinese government’s on-going effort to enhance the protection of personal data and privacy.