Greetings from Beijing, China! For those who took time off for the International Labour Day public holiday, I hope you enjoyed the long weekend.
In China, 1 May this year marks the implementation of some important privacy-related regulations. The new Measures on the Administration of Online Advertising took effect 1 May, to replace the previous online advertising regulations 2016. The new Online Advertising Measures enhance compliance requirements for online advertising owners, operators and marketers, intending to create a fairer and more transparent business environment and provide better consumer protection. The new Online Advertising Measures specifically provide that without the user’s consent or request, advertisements or advertising links must not be attached to the emails or online instant messages sent to users. In addition, without the user’s consent or with the user’s explicit refusal, online advertisements may not be sent to the user’s cars, navigation equipment, smart home appliances or other Internet of Things devices. Where algorithms are used to publish online advertisements, rules for algorithm recommendations and advertising records should be included in the archives of the advertising operators.
China has become the world’s second-largest advertising market right after the U.S., and digital/online advertising has accounted for over two-thirds of China’s advertising business. The new Online Advertising Measures lift the compliance bar and business organizations are advised to fully understand the new requirements and take necessary compliance actions as soon as possible.
The first week of May also marks the completion of public consultation of an important industry standard entitled the Network Data Security Risk Assessment Guidelines issued by China’s National Information Security Standardisation Technical Committee. The draft Guidelines outline the general principles, requirements, key steps and methodology for conducting network data security assessments. Once adopted, these guidelines are expected to act as best practices for data handlers to follow in performing data security assessments under China’s data laws and regulations. They can also be used by Chinese regulators as good references in their compliance investigations. It is important to note that more industry standards are in the pipeline. According to the committee, another three data-related industry standards on automated decision-making of personal data, security requirements for processing of sensitive personal data, and certification of cross-border data transfer are likely to be finalized in September 2024.
China’s central data regulator, the Cyberspace Administration of China, recently announced that CAC authorities have strengthened resources and intensified investigations and enforcement. According to the statistics released by CAC, in the first quarter of 2023, the national and local CAC authorities have interviewed operators of over 2,200 websites, suspended the operation of 48 websites, shut down 12 mini programs, removed 55 mobile apps from app stores due to unlawful processing of personal information or lack of required risk assessment, and worked with MIIT authorities to cancel illegal ICP permits/filings and shut down 4,208 illegal websites.
It is expected that CAC authorities will remain active in enforcement in the coming months, especially considering that the Chinese SCC Regulations for cross-border data transfer and the Procedural Regulations on Administrative Enforcements by CAC Authorities are scheduled to take effect on 1 June!
Hope you have enjoyed this Digest. Until next time!