Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
China's imminent electronic commerce law imposes wide-ranging data-security requirements on merchants, third-party platforms and logistics companies to store and safeguard the personal information of hundreds of millions of people shopping online.
Companies operating outside China—but targeting consumers there—are subject to the new law. It will also cover foreign platforms that allow Chinese companies to trade on them. For example, if Amazon.com Inc. allows Chinese mainland companies to sell on its platform, it will be subject to the law.
“If a multinational company is engaged in cross-border e-commerce activities within China or in cross-border e-commerce activities that involve domestic enterprises which operate an e-commerce business or customers located in China, it's required to protect the personal information and business data in accordance with the law,” Manuel E. Maisog, a privacy partner at Hunton & Williams LLP in Beijing, told Bloomberg BNA.
A draft version of the nation's first comprehensive e-commerce law was issued by the National People's Congress (NPC) Dec. 27, 2016, and is open for public comment through Jan. 26. Domestic and foreign companies were invited to weigh in on the draft, which is 93 articles long and covers issues beyond data security, including anti-competitive practices and payment systems. The data security component of the law is of more concern than other e-commerce matters it covers, Jake Parker, chief representative of the U.S.-China Business Council in Shanghai, told Bloomberg BNA.
Requirements that companies share data with the government raise privacy concerns, he said.
Maisog said open-ended requirements for data to be handed to the government contrast with limited data sharing in the U.S., where the U.S. Cybersecurity Information Sharing Act “is driven more by information sharing among governmental and private sector actors than by compliance with mandatory rules.”
The draft law seeks to facilitate cross-border e-commerce, which is booming in China, as more of the nation's consumers can afford foreign products, which generally are seen as higher quality than their domestic counterparts. China's Ministry of Commerce projects that cross-border e-commerce reached 6.5 trillion yuan ($941 billion) in 2016 and that it will soon constitute 20 percent of China's foreign trade.
“Promoting e-commerce is conducive to China's opening-up strategic layout and the optimization and upgrading of its foreign trade,” Lyu Zushan, deputy director of the National People's Congress Financial and Economic Affairs Committee, told NPC legislators during introduction of the proposed law.
A requirement that companies store certain data for three years and within China is of particular concern, Parker said.
“It's onerous for companies to have to store that much back data,” he said. “Companies manage their data in a global framework,” with many using data-processing centers based in the U.S. or Canada to process data that comes from China, he said.
“Requirements that personally identifiable information be stored domestically can increase costs for foreign companies that must develop their own server or contract out to domestic suppliers to store within Chinese borders,” said Parker, whose organization represents more than 200 U.S. businesses operating in China.
The draft law is loaded with rules on handling data, much of it aimed at protecting consumers' private information, he said. That includes a requirement that companies anonymize personal data before it is shared. It would also give customers the right to control the use of their information, primarily by requiring companies to gain user consent.
The law would require that companies implement reasonable data security measures and sets maximum fines of 500,000 yuan ($72,710).
In case of a leak, loss or damage of data, “e-commerce business entities should take immediate remedial measures, promptly inform the user, and report to the relevant departments,” the draft law says.
The proposed law includes requirements that companies share data with the government.
“A potential privacy concern is the idea of being asked for data without limits and without a public process or court order to make sure the public info complies with the rule of law,” Parker told Bloomberg BNA. “It's unclear which agencies would be allowed to approach them and request this data. That's certainly a concern. We're recommending the law specify which authorities are authorized to collect data,” he said.
Article 5, for example, requires operators to “provide the relevant state departments with the information of e-commerce data in accordance with the provisions of laws and administrative regulations” without specifying what data and which departments. Article 71 provides that the state will establish mechanisms for the storage, exchange and protection of cross-border e-commerce transaction data.
Parker said his group will urge Chinese authorities to offer a “single-window platform for requesting that information.”
To contact the reporter on this story: Mark Melnicoe in Shanghai, at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)