On 28 December 2012, the Standing Committee of the National People’s Congress promulgated the Decision on Enhancing Protection of Network Information, effective from the same date. This decision applies primarily to network service providers, but also to other enterprises and institutions in general, and so most probably applies to all employers in China.
The decision provides relatively detailed requirements on personal data collection, use and protection. Specifically, when collecting and using employees’ electronic personal information, employers are now required to specify and inform the data subject (including employees) of the purposes, methods and usage of such data collection, and obtain the employees’ consent. Current regulations only vaguely require employers to obtain employee consent prior to any “publicising” of personal information, but the decision now requires consent even for the collection of personal information. The requirement to inform data subjects, including employees, of the purpose and use of data collection is also new.
Potential penalties under this decision include warnings, fines and disgorgement of illegal gains, although they seem mostly directed at network service providers and no specific penalty amounts are stipulated in the decision itself. Although the decision is technically not considered a law, companies should still make best efforts to comply with its requirements as the courts may refer to it when deciding on data privacy claims.
You must be a
subscribersubscribersubscribersubscriber
to read this content, please
subscribesubscribesubscribesubscribe
today.
For group subscribers, please click here to access.
Interested in group subscription? Please contact us.