China’s telecommunications regulator, the Ministry of Industry and Information Technology (MIIT), has promulgated a new regulation governing the sending of commercial solicitations by text or in-app messaging (SMS, or short-message-service). Entitled Administrative Provisions on Telecommunications Short Message Services (SMS Provisions), the regulation is aimed at cracking down on the proliferation of spam messages on China’s mobile and fixed-line networks, which are sometimes used to promote consumer fraud or offer illegal goods or services. Although mainly targeting commercial solicitations, the SMS regulation provides additional guidance on the issue of “user consent” that is likely to be of interest to companies involved in data collection activities in the Chinese mainland.
The SMS Provisions requires companies offering SMS services in China to first obtain a telecommunications business license. Once licensed, SMS service providers may only send a commercial solicitation to those users who have provided their explicit consent. In addition, the law places data retention requirements on two sets of actors: backbone network service providers, such as China Mobile, who are required to save all information related to SMS service providers, such as their phone number and network access location; and SMS service providers, who are required to save for a period of at least five months all information pertaining to the messages they send, including their content, the recipient’s phone number and subscription history and the time the SMS was sent and received.
While the regulation appears primarily targeted at SMS messages sent over mobile and fixed-line networks, it also includes a provision in Article 37 specifying that short messages sent over the internet are also governed by the SMS Provisions. This would appear to provide MIIT with the discretion to enforce the regulation against in-app messaging services such as China’s popular WeChat messaging app, although this does not appear to be the focus of regulators attention for now.
For data privacy practitioners, the significance of the SMS Provisions is in how it treats the issue of user consent. Under Article 18, commercial solicitations may not be sent to any user who has not specifically provided their consent or a request to receive such texts. While this provision reiterates a prohibition found in other Chinese laws (See, e.g., Decision of the NPC Standing Committee on Strengthening Network Information Protection, Article 7), the SMS regulation clarifies that consent may be subsequently withdrawn by a user at any time and that a user’s silence in response to an initial solicitation should be deemed a refusal (i.e., commercial solicitations require opt-in consent). If refused in this manner, then the SMS service provider may not resend the initial solicitation.
Although Chinese data privacy law requires user consent prior to the collection of an individual’s personal information (PI), it has largely been silent on what actions are required to show this consent. The additional guidance for user consent found in the SMS regulation, although here only applicable to commercial solicitations, indicates that MIIT is taking a more sophisticated view of how consent is obtained and that additional instructions for user consent to PI collection may be included in future regulations.
The SMS Provisions take effect on June 30, 2015. Companies collecting user data in China will want to continue to monitor this space to ensure ongoing user data activities are in full compliance with Chinese law and regulations.
Regulation: http://tech.sina.com.cn/t/2015-05-28/doc-icpkqeaz5908879.shtml (in Chinese)