INTERNET LAW - The Protection of the Right to Privacy on the Internet in China

Cynthia Zhang and Matthew Murphy, MMLC Group, Beijing
mail icon Email discuss icon Discuss printer icon Print

Cyberspace privacy of personal information mainly refers to the right of citizens to enjoy the peace in the network's private life and the protection of private information in accordance with the law. It is a kind of right of personality, which should not be unlawfully infringed, known, collected, copied, disclosed, or utilized by others. It also refers to the prohibition of disclosure of certain personal and sensitive information on the internet, including facts and images. Internet privacy is a right to privacy in cyberspace, new challenges along with the popularity of the Internet. The development of network technology makes it more difficult to protect internet privacy than the traditional privacy.

Join the Internet Law Forum (ILF) to... discuss, share information and knowledge, questions and doubts... regarding the legal aspects of the Internet. The ILF is ALL about the INTERNET... business, laws and regulations, social media... Sign up to enjoy the benefits of the Free Global membership in the IBLS international community!

Definition of Internet Privacy

Cyberspace privacy of personal information mainly refers to the right of citizens to enjoy the peace in the network's private life and the protection of private information in accordance with the law. It is a kind of right of personality, which should not be unlawfully infringed, known, collected, copied, disclosed, or utilized by others. It also refers to the prohibition of disclosure of certain personal and sensitive information on the internet, including facts and images. Internet privacy is a right to privacy in cyberspace, new challenges along with the popularity of the Internet. The development of network technology makes it more difficult to protect internet privacy than the traditional privacy.

Internet privacy includes the main elements: personal data, private information, and individual field. The contents of internet privacy are as follows: (1) the right to know. Users have a right to know what information relevant to themselves is collected by the websites, what purpose the information will be used, as well as who it will be shared with (2) the right to choose. Consumers have a right to choose the use of their personal data (3) reasonable access. Consumers can access the personal data and amend or delete the wrong information through reasonable approaches in order to ensure that the personal information is accurate and complete (4) adequate security. The network company should guarantee the security of users' information and prevent unauthorized illegal access. The users have the right to request the website to take the necessary and reasonable measures to protect their personal information. In addition, internet privacy should also includes the user's right to control the information (the user has the right to decide whether to allow others to collect or use his information) and the right to request judicial relief (the user has the right to bring a civil suit against any institution or individual engaged in infringement on his privacy).


Relevant Provisions on the Protection of Privacy and Internet Privacy in China

Constitutional Protection to Privacy
Article 38 of the Constitution provides that the human dignity of citizens should not be infringed. Article 39 provides that the premises should not be trespassed. Article 40 stipulates that the freedom and privacy of correspondence of citizens are protected by law. These are parts of the privacy of citizens and general principles set out by the Constitution as the basic law. Being not practical, these provisions can only provide the basis for the protection of privacy by other laws and regulations.

Civil Protection to Privacy
There is no provision identifying the right of privacy as the right of personality of citizens in the General Principles of Civil Law set out in 1986. The Opinions of the Supreme People's Court on Several Issues concerning the Implementation of the General Principles of the Civil Law of the People's Republic of China (for Trial Implementation) does not treat the right of privacy as a separate right of personality. It only stipulates that in case anyone propagates the privacy of any other person in writing or orally, which result in a certain influence, such act should be determined as act infringing the citizen's right of reputation. The Answers to Some Problems on the Trial of Cases Concerning the Right of Reputation in 1993 provides that anyone who disclose the privacy materials of others without the consent of them, or promote the privacy of others in writing and orally, which cause damages to the reputation of others, should be punished for infringing reputation of others. It is concluded the infringement on the right of privacy is prerequisite on the infringement on the reputation. Although Interpretation of the Supreme People"s Court on Problems regarding the Ascertainment of Compensation Liability for Emotional Damages in Civil Torts in 2001 does not put forward clearly the right to privacy or treat it as an independent civil right, the privacy is protected as an independent personality interest in Article 1 and 3. These two provisions make great progress on the legislation relating to the right of privacy. It is predicted that the right of privacy will be protected as an independent personality right.

Criminal Protection to Privacy
Anyone who intentionally infringes the privacy of others, causing serious consequences, should be subject to criminal penalties. Article 252 of the Criminal Law provides that whoever conceals, destroys or unlawfully opens another person's letter, thereby infringing upon the citizen's right to freedom of correspondence, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than one year or criminal detention. Article 253 of the Criminal Law provides that any postal worker who opens without authorization or conceals or destroys mail or telegrams shall be sentenced to fixed-term imprisonment of not more than two years or criminal detention. The infringement is not convicted of the crime of invasion of privacy, but the crime of violation of freedom of communication and the crime of opening, concealing and destroying mails and telegrams. It shows that there are many serious violations of the privacy which cannot be protected by the criminal law.

Legal Protection to Internet Privacy
Article 7 of the Measures for Security Protection Administration of the International Networking of Computer Information Networks in the Peoplefs Republic of China provides that users' freedom of communication and communications secrecy are protected by law. No unit or individual shall use the international networking to infringe on users' freedom of communication and communications secrecy in violation of the provisions of law. Article 18 of the Implementation Rules for Provisional Regulations of the Administration of International Networking of Computer Information in the Peoplefs Republic of China provides that it is prohibited to infringe on the privacy of others by accessing computer systems without authorization, tampering with the information of others or sending information in the name of others. However, these provisions are too broad to be applied in legal practice.

The Provisions on the Technical Measures for the Protection of the Security of the Internet were promulgated by the Ministry of Public Security on March 1, 2006. It requires that the providers of the Internet services and entity users of the network should be responsible for carrying into effect the technical measures for the protection of the Internet security and should guarantee the normal functioning of the technical measures for the protection of the Internet security. The providers of the Internet services and entity users of the network should establish a corresponding administration system. The information as registered by users should not be publicized or divulged without the approval of the users, unless it is otherwise provided for by any law or regulation.

Furthermore, the Ministry of Information Service issued the Measures for the Administration of Internet E-mail Services, which came into force on March 30, 2006. This regulation is to protect citizensf privacy of correspondence in using Internet e-mail services. Unless the public security organ or procuratorial organ makes an inspection on the contents of correspondence pursuant to the procedures prescribed in law when required by national security or investigation of crimes, no organization or individual should infringe upon any citizenfs privacy of correspondence on any pretext. It requires that an Internet e-mail service provider should have the obligations of keeping confidential the usersf personal registered information and Internet e-mail addresses. An Internet e-mail service provider or any of its employees should not illegally use any userfs personal registered information or Internet e-mail address, or should not divulge the userfs personal registered information or Internet e-mail address without consent of the user. In addition, no organization or individual may use the Internet e-mail addresses of others, which are got by online automatic collection, by arbitrary alphabetical or digital combination or by other means, in selling, sharing, or exchanging Internet e-mails. Whoever violates above requirements will be ordered by the Ministry of Information Industry or the communication administrative bureau to make a correction. Additionally it will be fined up to RMB $10,000; or be fined up to RMB $30,000 where there are any illegal proceeds.

Additionally, the Personal Information Protection Act has been recently submitted to the State Council for approval and examination. What the Act protects is not only the personal privacy of a citizen but rather a wider scope than the personal privacy, for instance: your cellular phone-number, home address, your medical files, and your occupation and something else. These may not fall into the category of personal privacy but are under the scope of this Act. If you've delivered your resume to an employer's company it is liable for the company to keep the information for you. Should the other party make your personal information known to others it is considered to have violated the law no matter whether it is intentional or unintentional. In addition, the Act has laid down a stipulation as to whether an image pick-up should be installed in a public place at will and how to define the behavior for a secret pick-up or recording. The Act includes not only the protection after the event but also the interference beforehand, i.e., to regulate the behavior from the very head. For instance, some schools want to install video-pick-ups it should be done when being examined and approved. Once the Law for Personal Information Protection is officially brought into force the violation of personal information may not only have to take administrative and civil responsibilities or even criminal liabilities. According to the legislator, the Law for Personal Information Protection for one thing must offer full protection to the personal information, and for another it must not obstruct the normal circulation of information and has to take into consideration the necessary social governance and supervision.


Ways of Infringement upon Internet Privacy and Application of the Law

As the development of Internet technology and commercialization of the Internet, the user's personal data, as a significant network resource, is inevitable to be collected and used, which will inevitably cause the infringement on the user's Internet privacy. The development of e-commerce brings a conflict between the commercial interests of internet service providers and individual privacy protection. The main ways of network infringement are as follows:

Infringement by Individuals

1. People promote, publish or transfer the privacy of others and the privacy between others and themselves on the internet without authorization. Article 18 of the Implementation Rules for Provisional Regulations of the Administration of International Networking of Computer Information in the Peoplefs Republic of China provides that the users are prohibited to enter computer systems without permission and tamper with the information of others; they are also prohibited to distribute malicious information on the internet or send information in the name of others. Under the current law, if the conducts of this kind bring some impact causing damage to the reputation of others, or infringe on the portrait right of others with purpose of profit, such infringement may be punished in accordance with the Civil Code provisions.

2. Without authorization, people enter the system of others to obtain information or to disturb the peace of others, or intercept or copy the electronic information transmitted by others. Most of the infringers of this kind are hackers, who can use various technical means to steal and tamper with the user's private information on the internet, but are almost impossible to be found or identified by the victims. It requires high-tech police forces to provide internet services. Hackers, intercepting or copying the electronic information transmitted by others without authorization, may be treated the same as the ones infringing on otherfs freedom of correspondence, even if their actions are different from the  traditional way of concealing, destroying or opening the letters of others. In case that the circumstances are serious, the hackers may commit the crime of violation of freedom of communication, subject to Article 252 of the Penal Code.

3. Individuals manufacturer, disseminate computer viruses and engage in other activities in violations of the legitimate rights and interests of others on the internet. Hacker may also obtain a number of information by attacking websites. Article 18 of the Implementation Rules for Provisional Regulations of the Administration of International Networking of Computer Information in the Peoplefs Republic of China provides that users shall not manufacture, disseminate computer viruses or engage in other activities in violations of the legitimate rights and interests of others on the internet. Hackers may commit the crimes provided by Article 285, 286 and 287 of the Penal Code, if their conducts are serious. Although the action of infringing on the userfs privacy in cyberspace is not stipulated expressly in those three provisions of the Criminal Code, they can give a warning to the hackers and ensure that the users will not lose their privacy data due to the destroyed computer system, providing indirect protection for Internet privacy.

Infringement by Commercial Comapanies

1. There are a large number of business companies specializing in online survey and obtaining and using the privacy of others illegally. Some internet companies browse and track the operations carried out by the users on the website from time to time by cookie, a tracking tool, which can automatically record the site and content user accessed by the users and send details to the network companies. Internet companies may grasp that person on the basis of this information as well as establish a large database, which may cause the loss of some important information of the users including stock information and credit card information. Mandatory regulations should be enacted to set out the obligations of the website that it cannot use the personal data collected by cookies for other purposes. The website should be held liable for the damages resulted from disclosure of the userfs information due to the fault of website. Furthermore, the companies engage in online survey should be punished by the Criminal Law for their illegal acts causing serious consequences.

2. Advertisers bring a large number of junk emails. The spam will be mainly disciplined by the websites themselves, instead of the law. Anyone who sends spam to a specific person regularly and purposefully should be subject to the tort law. However, it is not realistic and practical to make regulations on the ordinary commercial emails. Therefore, it is necessary to strengthen the self-discipline of internet companies.

Infringement by Software and Hardware Suppliers
Some software and hardware manufacturers insert programs in their own products for collecting the privacy of consumers. For example, Intel put the "security number" into its P ‡V processors in 1999. The computers with processors are very easy to be identified on the network, so that the information transferred by the users can be monitored and their personal data may be tracked inappropriately. It requires very high techniques to identify such infringement, which cannot be found by the users. It is significant to enact an international regulation to restrict the infringement by the suppliers, due to the global use of the software and hardware and suppliers from different regions.

Infringement by Network Providers

1. Infringement by Internet Service Providers (ISP)
Website operators, as the ISP, might infringe on the privacy in the following two ways: (1) The ISP intentionally infringe on the privacy of others (including direct and indirect intention). For example, the ISP transfers or shuts down the emails of its customers, which causes the loss of emails or disclosure of personal privacy and trade secrets. Under such circumstances, the ISP should bear corresponding civil liability. tort and traditional nature of the mail workers to open private demolition or to hide or destroyed mail without distinction, If serious consequences are incurred, the ISP may be investigated for the crime of opening, concealing, destroying mails and telegrams as the postal workers, according to Article 253 of the Penal Code. (2) The ISP might be held liable for the infringing information published by other on the website. In this case, even without intention, it will bear corresponding civil responsibilities for indulging or ignoring the infringement of others. At present, legislators are more tolerant to the infringement on the internet privacy, in order to develop Chinese ISP industry. Infringers are only held liability on the basis of fault, especially where there is a serious fault. From the perspective of legal practice in China, the ISP should stop the infringement, recover the reputation, eliminate the influence and give an apology to the victim, but need not make compensations.

2. Infringement by Internet Content Providers (ICP)
The ICP provides information to the general users by setting up a website. With respect to the infringement of the ICP, Article 20 of the Implementation Rules for Provisional Regulations of the Administration of International Networking of Computer Information in the Peoplefs Republic of China provides that the Internet unit and access unit should report to relevant authorities in a timely manner and take effective actions to stop the information diffusion upon finding the harmful information. The ICP will be held liability on the basis of its fault, if it takes an indulgent attitude to the obvious promotion of privacy of others and commits an infringement on the privacy of the users.

Network Surveillance and Wiretapping
Some of the network's owners or managers will surveil or wiretap the computers within the local area network as well as monitor the emails of individuals within the network through the network center, which severely infringes on the privacy of users. But the network owners or managers intend to conceal their infringement with all kinds of reasons. Network owners or managers are obligated to inform users: (1) the emails or other personal information sent by the users are not private and cannot be monitored by the owners or managers; (2) the network owners or managers are prohibited to use the private information obtained from the users for dissemination or other purposes.


Conclusion

China's Internet as well as the related information technology industry as a whole is still at its start-up stage, but the infringement on the internet privacy has become a prominent social problem that makes the whole society concern. The rights and interests of Internet users cannot be well protected by the existing laws and regulations. It is required to establish a comprehensive legal system on the protection of privacy, especially the privacy in cyberspace. In this paper, we have discussed the concepts of privacy, the existing laws and regulations on the protection of privacy. It is noteworthy that there are various ways of network infringement and the relevant application of the law under those circumstances. Hopefully it could make some contributions to the internet privacy legislation in China.

 

Cynthia Zhang and Matthew Murphy, MMLC Group, Beijing

email icon Email discuss icon Discuss printer icon Print