Sunday, December 30, 2012

Translation: Decision Regarding Strengthening Network Information Protection


National People's Congress Standing Committee Decision Regarding Strengthening Network Information Protection

(Passed at the 30th Meeting of the 11th Plenum of the National People's Congress Standing Committee on December 28, 2012)

In order to protect Internet information security, ensure the legal rights and interests of citizens, legal persons, and other groups, and safeguard national security and the public interest, it is hereby decided as follows:

1. The State protects electronic information that can distinguish a citizens' personal identity and that relates to citizens' personal privacy.

An organization and individual may neither steal or obtain through illegal means citizens' personal electronic information, nor sell or illegally provide to a third party citizens' personal electronic information.

2. Network service providers and other enterprises that collect or utilize citizens' personal electronic information in the course of business activities shall abide by the principles of legality, legitimacy, and necessity, clearly explain the purpose, manner, and scope of collection, and shall not, without the approval of the individual whose information is being collected, collect or use information in a manner that violates the provisions of laws and regulations, and the agreements of both parties.

Network information providers and other enterprises that collect or utilize citizens' personal electronic information shall publicize their rules for collection and utilization.

3. Network service providers and other enterprises and their employees must strictly preserve the confidentiality of citizens' personal electronic information collected during the course of business activities, and may not disclose, falsify, or damage it, and may not sell or illegally provide it to third parties.

4. Network service providers and other enterprises shall adopt technical and other necessary measures, ensure information security, and prevent the disclosure, damage, or loss of citizens' personal electronic information collected during the course of business activities. Remedial measures shall be immediately taken when information has or may have been disclosed, damaged, or lost.

5. Network service providers shall strengthen their management of information issued by their users, and upon discovering the issuance or transmission of information prohibited by law or regulation it shall immediately cease transmission of said information, and adopt measures to dispose of it, such as removing it, retain relevant records, and report it to the relevant agency.

6. When entering into agreements or confirming the provision of services with users, network service providers who provide users network connection services, conduct network access procedures for fixed and mobile telephones, or who provide users with information issuing services shall require users to provide truthful identity information.

7. No organization or individual may send commercial electronic information to a fixed line or mobile telephone or an individual's email address if it has not obtained  the approval of, or a request from, the electronic information recipient, or if the electronic information recipient has clearly expressed its refusal.

8. Citizens who discover network information that discloses an individual's identity, disseminates an individual's private affairs, or otherwise infringes upon their legal rights and interests, or who is harassed by receiving commercial electronic information, has the right to require the network service provider to delete the relevant information or adopt other necessary measures to stop it.

9. Every organization and individual has the right to file a complaint or accusation to the relevant responsible agency regarding any criminal activity relating to the provision of citizens' personal electronic information to a third party through theft or its acquisition or sale through illegal means or other network information illegal criminal activity. Upon receipt of a complaint or accusation, the agency shall handle it promptly in accordance with law. A person whose rights have been infringed may file a lawsuit in accordance with the law.

10. Relevant responsible agencies shall perform their responsibilities within the scope of their statutory authority in accordance with the law, and shall adopt technical and  other necessary measure to prevent, stop, investigate and prosecute the illegal provision of citizens' personal electronic information to a third party through theft or its acquisition or sale through illegal means or other network information illegal criminal activity. Network service providers shall provide cooperation and technical support to relevant responsible agencies in the course of their performing their responsibilities in accordance with the law.

State agencies and their staff shall maintain the confidentiality of citizens' personal electronic information that they learn during the course of fulfilling their duties, and shall not disclose, falsify, or damage it, and shall not sell or illegally provide it to third parties.

11. Activities that violate this Decision shall result in sanctions including warnings, fines, confiscation of illegal gains, revocation of license or cancellation of registration, closure of website, banning of relevant responsible employees from operating network service businesses, and shall be logged in social credit registries and publicized. Activities that constitute violations of public security administration shall be subject to public security administration sanctions in accordance with the law. Where a crime has been committed, criminal responsibility shall be pursued in accordance with the law. Those who infringe upon citizens' civil rights and interests shall bear civil responsibility in accordance with the law.

12. This Decision shall become effective on the day it is publicized.

全国人民代表大会常务委员会关于加强网络信息保护的决定

(2012年12月28日第十一届全国人民代表大会常务委员会第三十次会议通过)

为了保护网络信息安全,保障公民、法人和其他组织的合法权益,维护国家安全和社会公共利益,特作如下决定:

一、国家保护能够识别公民个人身份和涉及公民个人隐私的电子信息。

任何组织和个人不得窃取或者以其他非法方式获取公民个人电子信息,不得出售或者非法向他人提供公民个人电子信息。

二、网络服务提供者和其他企业事业单位在业务活动中收集、使用公民个人电子信息,应当遵循合法、正当、必要的原则,明示收集、使用信息的目的、方式和范围,并经被收集者同意,不得违反法律、法规的规定和双方的约定收集、使用信息。

网络服务提供者和其他企业事业单位收集、使用公民个人电子信息,应当公开其收集、使用规则。

三、网络服务提供者和其他企业事业单位及其工作人员对在业务活动中收集的公民个人电子信息必须严格保密,不得泄露、篡改、毁损,不得出售或者非法向他人提供。

四、网络服务提供者和其他企业事业单位应当采取技术措施和其他必要措施,确保信息安全,防止在业务活动中收集的公民个人电子信息泄露、毁损、丢失。在发生或者可能发生信息泄露、毁损、丢失的情况时,应当立即采取补救措施。

五、网络服务提供者应当加强对其用户发布的信息的管理,发现法律、法规禁止发布或者传输的信息的,应当立即停止传输该信息,采取消除等处置措施,保存有关记录,并向有关主管部门报告。

六、网络服务提供者为用户办理网站接入服务,办理固定电话、移动电话等入网手续,或者为用户提供信息发布服务,应当在与用户签订协议或者确认提供服务时,要求用户提供真实身份信息。

七、任何组织和个人未经电子信息接收者同意或者请求,或者电子信息接收者明确表示拒绝的,不得向其固定电话、移动电话或者个人电子邮箱发送商业性电子信息。

八、公民发现泄露个人身份、散布个人隐私等侵害其合法权益的网络信息,或者受到商业性电子信息侵扰的,有权要求网络服务提供者删除有关信息或者采取其他必要措施予以制止。

九、任何组织和个人对窃取或者以其他非法方式获取、出售或者非法向他人提供公民个人电子信息的违法犯罪行为以及其他网络信息违法犯罪行为,有权向有关主管部门举报、控告;接到举报、控告的部门应当依法及时处理。被侵权人可以依法提起诉讼。

十、有关主管部门应当在各自职权范围内依法履行职责,采取技术措施和其他必要措施,防范、制止和查处窃取或者以其他非法方式获取、出售或者非法向他人提供公民个人电子信息的违法犯罪行为以及其他网络信息违法犯罪行为。有关主管部门依法履行职责时,网络服务提供者应当予以配合,提供技术支持。

国家机关及其工作人员对在履行职责中知悉的公民个人电子信息应当予以保密,不得泄露、篡改、毁损,不得出售或者非法向他人提供。

十一、对有违反本决定行为的,依法给予警告、罚款、没收违法所得、吊销许可证或者取消备案、关闭网站、禁止有关责任人员从事网络服务业务等处罚,记入社会信用档案并予以公布;构成违反治安管理行为的,依法给予治安管理处罚。构成犯罪的,依法追究刑事责任。侵害他人民事权益的,依法承担民事责任。

十二、本决定自公布之日起施行。

Translation: Sun Daluo's Court Judgment for Sharing Books and Articles

The PRC government sentenced Sun Zhiming (孙志明, who wrote under the alias Sun Daluo (孙大骆)) to one year imprisonment for the crime of "di...