Interpretation expands and clarifies privacy protection

The PRC Supreme People’s Court (SPC) and Supreme People’s Procuratorate have recently issued the Interpretation of Various Issues Concerning Application of Law in Handling Crimes of Infringing upon Citizen’s Personal Information. The interpretation clarifies several important issues in bringing criminal cases for infringing personal privacy and broadens the definition of personal information.

Companies now face greater exposure of privacy infringement and risk of criminal liability. The interpretation confirms that the infringement of personal information is a unit offence, which means that companies, together with in-charge and responsible employees, will be prosecuted under the offence.

The interpretation also attributes criminal responsibilities to companies if they fail to meet certain administrative requirements of privacy protection. For example, a company will be held liable for repeated violations of illegally obtaining, selling or providing personal information (not considering the quantity of personal information in the following first key feature), if the company has been subject to administrative penalties within two years, or has been subject to criminal penalties for infringement of personal information.

It is also a criminal offence if a network service provider leaks personal information that causes serious consequences. This can take place if the provider refuses to fulfil its management obligation of information network security, as required under PRC laws and regulations, and refuses to follow the rectification order from the relevant authority.

Business Law Digest is compiled with the assistance of Baker McKenzie. Readers should not act on this information without seeking professional legal advice. You can contact Baker McKenzie by e-mailing Danian Zhang (Shanghai) at: danian.zhang@bakermckenzie.com