China Proposes New Privacy Obligations on Businesses

    Sep 13, 2016

    While reiterating a number of data privacy and security requirements that apply to companies doing business in China, the country’s State Administration of Industry and Commerce (SAIC) on August 5 proposed an expanded definition of consumer personal information (CPI) as part of draft regulations to implement the recommendations of a standing committee of the National People’s Congress with respect to China’s Consumer Rights Protection Law (CRPL).

    The draft regulations propose to add “identifying biological characteristics” to other characteristics defined in the CRPL, including “a consumer’s name, gender, occupation, date of birth, identification document number, residential address, contact information, status of income and assets, health status, consumption habits, and other information collected by business operators during their provision of goods or services that may, independently or in combination with other information, identify the consumers.”

    Other proposed changes to the CRPL include requiring businesses to retain for at least five years those records proving that consent was obtained from consumers regarding the purpose, method, and scope of CPI collected and used; and to provide timely notification to consumers of any leak or loss of personal information. The consent requirements would be expanded to include electronic commercial information and the making of telemarketing calls. The period for submitting public comments ended September 5.

    The online Global Policy Brief is intended to help you stay current on international news and events. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

    Want to sign up to receive an email version of the Global Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    © 2017, ARMA International