China Monthly TMC Update - June 2020

China

More cybersecurity and data protection standards to be published in 2020

On 11 June, the National Information Security Standardisation Technical Committee published its annual standard formulation plan in order to solicit public opinion. Working under the guidance of the Cyberspace Administration of China, this Committee is responsible for formulating technical standards for the implementation of cybersecurity and data protection requirements in China.

This year's plan focuses on new standards concerning operational security and data security of mobile applications, critical information infrastructure, artificial intelligence, electronic signatures, blockchain technologies, and industrial control networks. Long-waited standards that may be published in 2020 include Important Data Identification Guidance, Information Security Incident Classification Guidance, IoT Data Security Protection Guidance, Security Framework for Blockchain Technologies, and Security Assessment Specifications for Machine Learning Algorithms. Although these standards are recommendations and are not mandatory, authorities usually rely upon these requirements during enforcement actions.

Please click here for the full text (Chinese only) of the plan.

State Council publishes overall plan for development of the Hainan Free Trade Port

On 1 June, the State Council published the Overall Plan for the Construction of the Hainan Free Trade Port. Following the success of free trade zones in other provinces, Hainan will be the first free trade port in China and will implement a series of policies that are open and beneficial to foreign investment. 

According to the plan, Hainan will formulate policies to facilitate the secure and orderly flow of data, and boost the development of a digital economy. As part of its supportive measures, new international Internet data exchange pilot projects, international submarine optical cables and landing points, and international communication gateways could be launched in Hainan in the near future.

In the telecom sector, Hainan has promised to expand value-added telecommunications services, and gradually remove restrictions on foreign equity ratios in the operation of online data processing and transaction processing services (which are usually needed by e-commerce businesses). In addition, the plan suggests that certain categories of basic telecommunication services might be open to foreign investment, although no further details specifying categories or foreign investment ratio restrictions are provided.

Please click here for the full text (Chinese only) of the plan.

New policies published to support export e-commerce businesses

The General Administration of Customs published a policy supporting cross-border export sales using e-commerce platforms, which will take effect from 1 July 2020.

According to the policy, export sales can either be conducted via a direct B2B model (i.e. the domestic seller first exports goods and then delivers to the foreign buyer after the sales contract is concluded online), or via a foreign warehouse delivery model (i.e. goods are delivered to the foreign buyer directly from a foreign warehouse after the contract is concluded online). All transaction-related data will be shared with Customs in real time, so that tax, quarantine, inspection, and customs clearance matters can be handled while the online transactions are being conducted.

This policy in general follows on the mature model of import retail sales via e-commerce platforms, which was formally launched in China three years ago. Unlike import sales, however, there is not a “white list” restricting the categories of goods that can be sold via this export e-commerce sales model. Currently, the policy only applies in a few pilot cities including Beijing, Tianjin, Nanjing, Hangzhou, Ningbo, Xiamen, Zhengzhou, Guangzhou, Shenzhen and Huangpu.

Please click here or the full text (Chinese only) of the policy.

Misuse of data constitutes unfair competition, rules local court

In a court decision recently issued in Hangzhou, the defendant developed software that can automatically collect the personal data and usage data of WeChat users. The defendant used the data to conduct a series of targeted advertising campaigns on the WeChat platform, which the plaintiff (the operator of WeChat platform) considered to be a disruption to its normal operations and of user enjoyment of WeChat services.

The court first confirmed that the defendant's collection and processing of user personal data violates personal data protection requirements if user consent was not obtained in advance. However, this was not the subject matter of the case. Even if consent had been obtained from all users, the defendant’s use of the data still infringed the plaintiff's rights under unfair competition laws.

According to the court, the plaintiff had contributed significantly to the establishment of “friend” or “group” relationships among users, "moment sharing” mechanisms, and other online community functions.  Without these functions, the defendant would not have been able to analyse and use scattered personal data to conduct precise and targeted advertising based on the relationships and interactions among users on the WeChat platform. The defendant’s activities interfered and disrupted the normal operation of the WeChat platform, caused damage to the plaintiff, and thus constituted unfair competition.

Recently, there has been continuous discussion about whether and to what extent a platform operator has any rights on the data and the internal connections between different sets of data generated over its platform. Local courts are increasingly resolving this issue under the unfair competition law regime rather than the personal data protection regime.