The regulation on ISPs drafted during the summer was approved in December by the Chinese Ministry of Information Industry (“Certain provisions to regulate the Internet information service market order“) and will be effective since March 15, 2012.
Like the draft version, the text approved concerns the ISP activities in general and not only the aspects related to data protection. With regard to data processing, the regulation confirms the central role of user’s consent and the concern about data security.
From this perspective, personal information shall not be collected and made available to third parties without the user’s consent. ISPs will inform the users about the data collection and processing; any use of personal information for different purposes will be prohibited. Finally, the regulation provides specific provisions regarding data breach.