China’s New Judicial Interpretation Expands and Clarifies Privacy Protection

The PRC Supreme People’s Court and Supreme People’s Procuratorate have recently issued the Interpretation of Various Issues Concerning Application of Law in Handling Crimes of Infringing upon Citizen’s Personal Information (the “Interpretation“). The Interpretation clarifies several important issues in bringing criminal cases for infringing personal privacy and broadens the definition of personal information.

The Interpretation came into effect on 1 June 2017 at the same time as the PRC Cyber Security Law, both of which indicate China’s continued focus on privacy protection.

Companies now face greater exposure of privacy infringement and risk of criminal liability. The Interpretation confirms that the infringement of personal information is a unit offence, ie companies, together with in-charge and responsible employees, will be prosecuted under the offence.

The Interpretation also attributes criminal responsibilities to companies if they fail to meet certain administrative requirements of privacy protection. For example, a company will be held liable for repeat violations of illegally obtaining, selling or providing personal information (not considering the quantity of personal information in the following first key feature), if the company has been subject to administrative penalties within two years, or has been subject to criminal penalties for infringement of personal information.

It is also a criminal offence if a network service provider leaks personal information which causes serious consequences. This can take place if the provider refuses to fulfill its management obligation of information network security as required under PRC laws and regulations, and refuses to follow the rectification order from the relevant authority.

Source: Global Compliance News