New regulations concerning the protection of personal data by internet information service providers, approved by the Ministry of Industry and Information Technology (MIIT) at the end of last year, came into effect on 15 March 2012. The regulations entitled “Certain Provisions to Regulate the Internet Information Service Market Order” (规范互联网信息服务市场秩序若干规定) apply to all internet information services and internet information services-related activities within the PRC. The regulations impose specific obligations and liabilities on internet information service providers relating to the handling of personal data.
Further, according to MIIT, the Computer Software Testing Centre (an institution affiliated to the MIIT) recently completed the drafting of “Information Security Technology – Personal Data Protection Guidelines for Public and Commercial Service Information Systems” (the “Guidelines”). The draft has been submitted to the Standardization Administration of the People's Republic of China for approval as a national standard. MIIT had issued draft “Information Security Technology – Personal Data Protection Guidelines” for public consultation in February last year. It is thought that the current Guidelines are based on that earlier consultation draft and it is now clear that the Guidelines will cover both “public” and “commercial” service information systems.
Although numerous laws and regulations touch on the issue of personal data, there is currently no comprehensive legal framework in the PRC for the protection of personal data. We shall report further on this issue in the next edition of our China IP bulletin.