Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

China: NPC Decision on Network Information Protection

(Jan. 4, 2013) On December 28, 2012, the Standing Committee of China’s National People’s Congress (NPC, China’s top legislative body) passed the Decision on Strengthening Network Information Protection. The Decision expressly requires all network service providers in China that provide website access services; handle Internet access formalities for fixed telephones, mobile telephones, and other means of Internet access; or provide information publication services to users must require their users to provide real identity information when concluding service agreements or accepting provision of services. (Text of the Decision [in Chinese], The Central People’s Government of the People’s Republic of China website (Dec. 28, 2012); text of the Decision in English translation, China Copyright and Media website (Dec. 28, 2012).)

According to the NPC, the Decision is made to “protect network information security, protect the lawful interests of citizens, legal persons and other organizations,” and “safeguard national security and the public social interest.” (Id.) The Standing Committee passed the Decision in a vote of 145 members in favor, one against, and five abstentions. (Quanguo Renda Changweihui 12 Yue 28 Ri Xinwen Fabu Hui [NPC Standing Committee Press Conference on December 28], NPC website (Dec. 28, 2012).)

Internet Service Providers to Protect Electronic Data

Article 1 of the Decision states that the state protects electronic data by which the individual identities of citizens can be identified or that involve citizens’ individual privacy. (Decision, art. 1.) Accordingly, Internet service providers (ISPs) are required to:

clearly indicate, abiding by the principles of “legality, legitimacy, and necessity,” the purposes, methods, and scope of collection and use of citizens’ personal electronic data; obtain agreement from the persons whose personal data is collected; and make public their rules for collection and use of personal electronic data (Decision, art. 2);

strictly preserve the secrecy of citizens’ personal electronic data that they collect; not divulge, distort, or damage the data; and not sell or provide the data to others illegally (Decision, art. 3); and

adopt technical measures and other necessary methods to ensure information security and prevent divulging, damaging or losing the personal electronic data collected during business activities (Decision, art. 4).

Other Protections Provided to Internet Users

The Decision generally prohibits commercial advertisements being sent to fixed telephones, mobile telephones, and email accounts. (Decision, art. 7.)

Citizens may request that ISPs delete from the network information that they discover leaks their individual identity, invades their personal privacy, or infringes on their other legal rights and interests. (Decision, art. 8.)

Organizations and individuals may report to or file an accusation with the authorized government authorities about, or file a lawsuit in a court against, unlawful or criminal acts of stealing personal electronic data; gaining such data by other illegal means; selling such data; or illegally providing the data to other persons. (Decision, art. 9)

ISP Cooperation with Government Internet Censorship and Surveillance

In addition to expressly requiring ISPs to obtain real identity information when providing Internet access services and information publication services, the Decision reiterates that whenever ISPs find that content prohibited by laws and regulations is being transmitted, they must stop transmitting the information, delete the information, keep a record of it, and report the matter to authorized government authorities. (Decision, art. 4). A similar provision is included in the Regulation on Internet Information Service previously promulgated by the State Council on September 25, 2000. (Hulianwang Xinxi Fuwu Guanli Banfa [Regulation on Internet Information Service], Sept. 25, 2000, art. 16.)

The Regulation on Internet Information Service also requires that ISPs keep records of each service user’s time spent online, user account, IP address or domain name, phone number, etc., for 60 days and provide that information to the authorized government authorities when required. (Regulations, art. 14.) On this issue, the Decision simply requires ISPs to cooperate with the government and provide technical support upon inquiry from the authorized government authorities. (Decision, art. 10.)

Response to Criticism of the Decision

In response to critics, who contend that the Decision strengthens restrictions on use of the Internet and express concern that the real name requirement will discourage the country’s Netizens from using the Internet to expose corrupt government officials (efforts that appear to have been quite successful recently), the government-sponsored Xinhua News Agency posted a statement in its online version arguing that the Decision “will help, rather than harm, the country’s netizens.” (Gui Tao & Huang Xin, China Voice: Nothing to Fear from New Internet ID Policy, XINHUANET (Dec. 28, 2012).)

Impact of the Decision on Other Internet Rules and Regulations

At a press conference held on December 28 by the NPC Standing Committee, it was reported that the State Council has previously issued nine regulations on administering the Internet, including the Regulation on Internet Information Service. In addition, ministries and departments under the State Council have issued more than ten administrative rules regulating the Internet. These regulations and rules will be reviewed and amended in accordance with the Decision, a spokesperson stated. (Quanguo Renda Changweihui 12 Yue 28 Ri Xinwen Fabu Hui, supra.)