Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By John Butcher
Online companies doing business in China would be required to follow the country’s new cybersecurity law restrictions on storing and transferring personal data under the latest draft of e-commerce legislation.
China’s proposed e-commerce law would set online transaction standards and intellectual property protection requirements. The second draft of the bill dropped provisions that appeared in the first draft that defined personal information of e-commerce users, and established requirements for collecting and using that data.
The second draft instead states that e-commerce operators must comply with the country’s cybersecurity law, which took effect June 1. That means Amazon.com Inc. and other e-commerce companies would have to abide by the law’s requirements to store personal data on servers inside China, restrict exporting data overseas, and set personal information security standards.
“It is not that the cyber law has expanded. It’s rather now it has been made clear in the e-commerce law that the rules of the cyber law could apply,” James Gong, a cybersecurity, data protection, and privacy senior associate at Herbert Smith Freehills LLP, in Beijing, told Bloomberg Law.
The cybersecurity law is aimed at critical infrastructure protection. Draft guidance defining critical infrastructure has already swept in companies engaged in the energy, finance, transportation, water conservation, health-care, education, social insurance, environmental protection, telecommunications, media, cloud computing, big data, information network services, science and technology for national defense, large equipment manufacturing, chemical, food, and drug sectors.
“If a U.S. company is operating an e-commerce platform in China, then they are bound to collect a large amount of personal information about the users of the platform,” Gong said.
Because the cybersecurity law considers any company selling goods or services to Chinese consumers as being a covered domestic operation, companies beyond China may be liable for security screening of any data collected from users in China.
“If they are going to export this outside China to a U.S. headquarters, then it will have to be assessed for security. That will be a self-assessment and then if it reaches a certain threshold, it will have to be sent to the regulator for assessment,” Gong said.
The requirement that personal data be stored within China presents challenges for foreign e-commerce companies that process transaction and other data abroad, and for companies that use cloud services to store data.
“This can be costly and does not lead to an increase in security of data. In fact, we continue to push the Chinese government for more clarity on the Cybersecurity law especially on its data localization requirements,” Kenneth Jarrett, president of the American Chamber of Commerce in Shanghai, told Bloomberg Law.
The second draft of the e-commerce bill, released Nov. 7, won’t likely be the final version, as the government opened it to public comments through Nov. 26. Concerns over the latest draft bill won’t be allayed soon, as a third draft is likely, according to Martyn Huckerby, an international corporate practice partner in the Shanghai office of King & Wood Mallesons.
The general rule in China is that “a legislative bill shall be put to vote after deliberations at three meetings of the Standing Committee,” he told Bloomberg BNA. “New elements may be introduced in the third version.”
The e-commerce bill would classify e-commerce operators into three categories: those doing business on their own websites, e-commerce platform operators, and stores on e-commerce platforms.
It would require that e-commerce platform operators protect intellectual property rights by blocking businesses engaged in the sale and distribution of goods or services as soon as they become aware of a violation. A platform operator could be held jointly liable, under the bill, with a seller for IP rights offenses it should have known about.
The e-commerce bill would also more strictly control e-commerce, through provisions to hold companies liable for false advertisements, fabricated transaction information or user comments, or failure to deliver purchased goods and services.
The focus on IP rights is the main benefit to U.S. companies of the proposed e-commerce law, the U.S.-China Business Council (USCBC) said in an analysis report provided to Bloomberg Law.
“In the previous draft of the law, suspected IP violators could simply issue declarations of non-infringement and platform operators would be required to promptly terminate any measures taken against the alleged IP violators. The second draft improves this process by requiring accused IP violators to submit evidence with non-infringement declarations before platforms lift punitive measures,” according to the USCBC analysis report.
The second draft of the e-commerce bill is available, in Chinese, at http://src.bna.com/ueU.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)