By Richard W. Wigley of King & Wood’s Dispute Resolution Group

Data privacy for internet users is a topic of concern the world over, with the P.R.C. being no exception. Internet information service providers (hereinafter also referred to as “IISPs“), such as commercial websites, regularly collect information from online visitors, sometimes with full knowledge of the visitors and sometimes unknown to the visitors. In addition, IISPs have been known to maliciously introduce software incompatible with the user’s existing software, install certain software such as “spyware” onto users’ computers/mobile devices and/or change users’ browser configurations without permission, and it goes without saying that “pop up ads” are an ongoing online annoyance. As online users in the P.R.C. look for protections from such unwanted invasions of their privacy and restrictions upon user control of their online experience, the recently released “Several Provisions on Regulating the Market Order for Internet Information Services” (hereinafter referred to as the “Provisions”) provides needed rules and regulations in this regard.[1]  

The Provisions, which come into effect on March 15, 2012, are to be implemented and administered by the Ministry of Industry and Information Technology and Communications Administration (“M.I.I.T.“) of the P.R.C. The Provisions cover a wide range of issues relevant to the operation of IISPs in the P.R.C., such as commercial websites (as distinguished from “network service providers” which, in M.I.I.T. terminology provide network services, such as internet access), but this article will look only at those online user issues referenced above.

In relation IISPs introducing software which did so maliciously with the knowledge that it would likely be incompatible with existing user software, Article 5 (Items 3 and 5) of the Provisions notes that it is not acceptable for IISPs to “forc[e] incompatibility on services and products provided by other internet information service providers maliciously” or to “maliciously … forc[e] the users to modify the parameters of services or products provided by other internet information services providers.”