(Mar. 19, 2012) The Ministry of Industry and Information Technology (MIIT) of the Peoples' Republic of China (PRC) recently promulgated Several Provisions on Regulating the Order of the Internet Information Services Market(“Provisions”) (Guifan Hulianwang Xinxi Fuwu Shichang Zhixu Ruogan Guiding, XINHUANET (posted Dec. 31, 2011)). These Provisions prohibit unfair competition among Internet information service providers (IISPs) and protect the legal rights and data privacy of Internet users.
The Provisions came into force on March 15, 2012, and apply to all IISPs and activities related to Internet information services (IIS) within the territory of the PRC. According to the Administrative Measures on Internet Information Services, promulgated by the State Council in 2000, which govern the Provisions, IIS refers to service activities that provide information to online users via the Internet. (Hulianwang Xinxi Fuwu Guanli Banfa (Sept. 5, 2000), art. 2, Central People's Government website (posted June 6, 2005).)
The Provisions prohibit violation by an IISP of other IISPs' legal rights and interests protected by law and list typical practices that have to date badly affected Internet market competition, including:
(1) maliciously disrupting other IISPs' services or the downloading, installation, operation, or upgrading of products related to IIS;
(2) maliciously making products or services incompatible with those of other IISPs;
(3) disparaging services and products of other IISPs or infringing upon their rights through fabrication of facts or dissemination of such fabrications; and
(4) deceiving, misleading, or forcing users to use or to give up other IISPs' services or products, or to modify the parameters of other IISPs' services or products. (Provisions, art. 4.)
In order to control malicious and inappropriate assessment of an IISP's service and products, the assessor is obliged to disclose to the public or to users information pertinent to the assessment, such as the method, the assessing environment and data sources. If the assessed IISP disagrees with the conclusions of the assessment, the IISP is entitled to seek assistance from the assessing party in a re-appraisal undertaken by itself or a third party. (Id. art 7.)
General Protection Against Infringement of Consumer Interests
The Provisions focus on benefiting Internet users and establish a range of measures to prohibit infringement of their interests, restrict bundled products, protect data privacy, and respect users' consent. Web users will not need to face advertising in pop-up windows or be forced to download bundled software, as the Provisions require IISPs to make conspicuous buttons available on screen so that users can freely choose whether to close the window or to install or uninstall the bundled software. (Id. arts. 9 & 10.)
The Provisions stress that IISPs are to be declared as encroaching on users' legitimate rights and interests if they carry out any of the following acts in providing IIS and related products:
· unreasonably refuse, postpone, or cease to provide services or products;
· provide services and products by means of deceit, misleading information, or compulsion;
· improperly tie users to certain designated services and products;
· provide services and products that are inconsistent with their publicity or commitments;
· unilaterally lower service quality, increase users' liability, or change agreed-upon services or business rules;
· fail to give proactive notification and explanation to users of incompatibility of the IISP's services or products with other IIS or related products; or
· without prior notice and users' informed consent, modify browser configuration or other settings or download, install, operate, upgrade, or uninstall software at a user's terminal. (Id. arts. 7& 8.)
Personal Privacy Protection
The Provisions echo the Chinese government's policy of intensifying protection of personal privacy. For the first time, the Provisions define the legal term “User's Personal Information” (UPI), which refers to any information related to a user or that allows a user to be identified when used alone or in conjunction with other information. (Id. art. 11.) IISPs are required to obtain users' consent prior to collecting any UPI or disclosing it to a third party. This is coupled with a requirement to inform the user of the method, content, and purpose of the collection of such information. (Id.) IISPs are not allowed to collect unrelated information or use it outside the scope of providing services. (Id.) Collected UPI must be safely stored. (Id. art. 12.) Where disclosure or likely disclosure of UPI occurs, IISPs must take prompt remedial measures to efficiently reduce the risk or damage and report any risk of serious consequences to the competent authority. (Id.) Non-compliance with the UPI protection requirements may incur a fine of RMB10,000 to RMB30,000 (about US$1,581 to US$4,744). (Id. art. 18.)
The Provisions also cover protection of information uploaded by Internet users. (Id. art. 13.) However, the definition of “uploaded information” and its relationship with UPI are still unclear.
Prepared by Rong Xiang, Law Library Intern, under the guidance of Kelly Buchanan, Chief, Foreign, Comparative and International Law (FCIL) I. Ms. Xiang has a Bachelor of Laws degree from Nanjing University in China and an LL.M degree from the City University of Hong Kong. She recently earned an LL.M. in International Business Law from The American University Washington College of Law.