Report on Internet Laws and Policies of China（2014）

　　I. Overview
　　As the Internet industry develops, emerging markets vie for a seat at the table of Internet governance, expressing a strong demand for shared governance under the multi-stakeholder model.China has been promoting the rule of law in cyberspace from multiple perspectives,taking the new trends of Internet development and regulatory requirements into consideration.
　　Generally, Internet laws and policies in 2014 exhibited the following features.
　　1.Strong demand for a multistakeholder model that starts with a new framework of internatioanl Internet governance
　　In terms of Internet development and governance, the increasingly fierce competition for Internet sovereignty and challenges in cyber security bring not only new issues for countries, but also a greater common interest and foundation for cooperation.
　　2.Importance of cyber security top-down design and perfection of counter cyber terrorism mechanisms
　　Cyber security legislation in 2014 mainly focused on four areas: cyber security top-down design, counter cyber terrorism, cyber surveillance and protection of critical infrastructure.
　　3.Many countries enacted legislation to improve personal information protection
　　The rapid development of cloud computing, mobile Internet and other new technologies and businesses brings new challenges to the current legal system of personal information protection. Therefore, in 2014, many countries frequently legislated in this field.
　　4.China promoted the rule of law in cyberspace to adapt to the new trends of industry development
　　China has been promoting the rule of law in cyberspace from multiple perspectives, taking into consideration the new trends of Internet development and regulatory requirements.
　　II. Internet Governance
　　Governments worldwide came to realize the significance of participating in Internet governance and called for the establishment of a democratic, open and transparent Internet governance system.
　　1.Governance mode at a crucial stage of transformation
　　On March 14, 2014, the US National Telecommunications and Information Administration (NTIA) announced that its current contractual relationship with ICANN will terminate on September 30, 2015, and NTIA intends to transfer Internet domain name administration to the community composed of global multi-stakeholders.
　　The transition of dominance in the Internet was caused by two factors: preference of consumers and large companies’ ability to attract and retain users. Under the current situation, the?multi-stakeholder model of Internet governance will remain, and the landscape of Internet governance in the future may be developed into a structure composed of unilateral and multilateral treaties and an international network.
　　2.Various development trends of net neutrality
　　The US Federal Communications Commission (FCC) approved a new act on February 27, 2015, according to which, Internet Service Providers (ISPs), originally classified as information service providers, are re-classified as basic telecommunications operators with public service functions, and are subject to strict regulation.
　　To the contrary, in early March of 2015, the European Union (EU) member states undertook to enact moderate net neutrality legislation to permit telecommunications operators to charge additional fees on specific Internet services, provided that there was no impact on the normal use of the Internet by most users.
　　3.Emergence of data localization
　　Australia approved an act to prohibit transmission of data such as medical records abroad and Korea also approved relevant laws to prohibit the transmission of map information abroad. The most impressive development is the new act approved by Russia at the end of last year, which required Internet companies to store the personal information of Russian users on local servers to achieve data localization. Thus far, China has not issued specific legal restrictions on cross-border data transmission.

　　III.Cyber Security
　　In 2014, violent and terroristic activities increased around the world and the reverberations of PRISM continued. As legislatures pay increasing attention to critical infrastructure, cyber security has become an important field of legislation by countries around the world.
　　1.Cyber security top-down design
　　The White House released the bill on Legislation on Federal Data Breach Notification. Once this bill is approved, unified data breach notification standards will be established at the federal level for the first time.
　　In March 2014, the European Parliament approved the proposal for the Network and Information Security Directive, with an aim to significantly improve cyber security and maintain continuous availability of the networks of EU member states.
　　On November 6, 2014, the Cyber Security Basic Act was approved at the plenary session of the House of Representatives of the National Diet of Japan.
　　On April 14, 2014, the 2014 legislative work plan of the Standing Committee of the National People’s Congress (NPC) was adopted at the 21st session of the Chairman’s Council of the Standing Committee of the Twelfth NPC, which included a plan for formulating a cyber security law.
　　2.Policies on counter cyber terrorism
　　In October 2014, at the 11th session of the Standing Committee of the Twelfth NPC, the Counter-Terrorism Law (Draft) was considered. The Counter-Terrorism Law imposes four major obligations on Internet companies: (i) to enable local storage of data, (ii) to delete information, close websites and terminate services as required, (iii) to provide technical support for counter-terrorism actions, and (iv) to establish a risk assessment system.
　　Foreign counter-terrorism legislation includes the Amendment to the Criminal Code, the Federal Law on Countering Terrorism and the Federal Law on Combating Extremist Activity of the Russian Federation, which imposed criminal liabilities for cyber sedition of extremist and terrorism activities, and the Counter-Terrorism Act approved by the Australian Senate, which conferred stronger powers upon intelligence agencies.
　　3.Critical infrastructure cybersecurity
　　In February 2014, the White House released the Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0), consisting of three main parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers.

　　IV. Intellectual Property
　　1. Learning from foreign Internet copyright protection modes
　　(1)Outbreak of dispute over the EU-wide “Google tax” issue
　　The EU member states hold different views about the “Google tax” issue. In March 2013, the German Parliament’s Lower House approved a bill permitting content publishers to charge search engines and other content aggregators for content usage. In December 2013, Italy announced that the imposition of the “Google tax” would be delayed until July 2014. In Spain, conflicts about the “Google tax” issue broke out.
　　(2)Implementation of “notice and notice” system in Canada
　　The Copyright Modernization Act of Canada introduced a “notice and notice” system. Under this system, upon receipt of an infringement notice, an ISP shall determine the user’s network address according to the data recorded in such notice, and to the extent possible, forward such infringement notice to the user.
　　This system is considerably different from the “notice and takedown” system, and ISPs will be deemed to have fulfilled their statutory obligations once they have forwarded the notices.
　　(3)Reasonable use of orphan works in UK supported by legislation
　　Most digital images on the Internet are “orphan works”, where the metadata is missing or deleted. In 2013, the UK government approved a reform bill permitting enterprises to make commercial use of the so-called “orphan works”.
　　(4)Frequent occurrence of disputes in network links and content aggregation fields
　　In respect of copyrights of network links and content aggregation fields, there have always been controversies over “server standards” and “user standards” among Chinese scholars, and some hold the views of “substantial display standards” and “non-substitution rule of network links”. The “Today’s Headlines” case gave rise to arguments among many scholars. The Meltwater case and Svensson case in the EU may also serve as references for dealing with similar disputes in China.
　　2. Furthering intellectual property (IP) protection in China
　　(1)Revision of the Regulation on the Protection of the Right to Network Dissemination of Information to impose more severe punishment for infringement
　　On January 30, 2013, the State Council issued the Decision on Revising the Regulation on the Protection of the Right to Network Dissemination of Information. Under the new Regulation, the maximum amount of compensation was increased from RMB100,000 to RMB250,000, so as to regulate the infringement of the right to network dissemination of information in the network environment.
　　(2)Introduction of the “notice and takedown” system to the revision of the Patent Law
　　The State Intellectual Property Office (SIPO) of China started the study on the fourth thorough revision of the Patent Law in 2014 and prepared the?Draft Amendments to China’s?Patent Law?(Draft for Comments). Under this revision, Article 71 specifically stipulates the legal obligations and liabilities of ISPs in patent infringement disputes, which initiated disputes in academic circles.
　　(3)Start of protection of graphical user interface (GUI) patents
　　Internationally, the trend has been to protect GUI. On March 12, 2014, the SIPO issued the Decision on Revising the Guidelines for Patent Examination (No. 68) to provide for design patent applications for GUI.
　　(4)Establishment of IP courts brought about a new stage of IP protection

　　On August 31, 2014, the 10th session of the Standing Committee of the Twelfth NPC approved the Decision to Form Intellectual Property Courts in Beijing, Shanghai and Guangzhou, which brought about a new stage of IP protection in China.

　　3. Promoting the development of the Internet industry by safeguarding IP rights in the industry
　　(1)Maintaining the online video copyright ecosystem and multilevel copyright protection system
　　In China, the online video industry has been developed for years and a sound online video copyright ecosystem has been formed. The maintenance of an online video copyright ecosystem requires a good copyright protection environment. On one hand, with increasing competition in the online video industry, the pressure and cost of copyrights have been increasing for genuine video websites. On the other hand, the existence of Internet piracy has obstructed the sound development of an online video copyright ecosystem. It is particularly important, therefore, to form a multilevel copyright protection system for online video copyrights.
　　(2)Mature mobile game industry chain vs. difficult mobile IP protection
　　It is a common industry understanding that mobile games have entered the pan-entertainment age. Currently, mobile game IP protection faces the following difficulties: (i) the life of a mobile game is short, while an action for IP infringement is lengthy; (ii) the cost of IP infringement is low, while the cost of IP protection is high; (iii) the infringement of mobile games may result in large profits and publishers and operators tolerate IP infringement. The key to maintaining the sound development of the mobile game industry is to establish a multi-party IP governance system for the mobile game industry.
　　(3)Rapidly growing online music industry and exploration of genuine music ecosystem
　　Based on data released in the IFPI Digital Music Report 2014, the revenue of the global music industry in 2014 amounted to US$15 billion, in which US$5.9 billion came from digital music. The Music Industry Development Report issued by the Tencent Research Institute showed that paid users of mobile music in the second quarter of 2014 only accounted for 3.5%. The online music industry faces two major issues: exploration of payment mode and piracy control.
　　(4)Internet industrial competition rules becoming clearer

　　Unfair competition cases in the Internet field occurred continuously during recent years and competition rules become clearer, along with practice and judicial adjudication. The following features were exhibited: (i) additional detail in competition rules; (ii) new unfair competition cases have led to more disputes and consumers’ rights and interests have become goals of judgments; and (iii) application of a two-pronged approach with both judicial and administrative authorities, and punishments become more severe.

　　V. E-Commerce
　　1. Smooth progress of legislation on “E-Commerce Law”
　　Currently, the only law governing the field of electronic commerce (“E-commerce”) in China is the Electronic Signature Law. In November 2014, the Financial and Economic Committee of the NPC held the second plenary meeting of the E-Commerce Law Drafting Team, which indicates the conclusion of the preparation and survey stage and the start of the drafting stage of E-commerce legislation.
　　2. Ministries promoting legislation on E-commerce regulation
　　The State Administration for Industry and Commerce (SAIC) issued the Measures for the Administration of Online Trading (Measures) in January 2014, and repealed the Interim Measures for the Trading of Commodities and Services through the Internet issued on May 31, 2010.
　　On December 24, 2014, the Ministry of Commerce (MOFCOM) issued the?Provisions on the Procedures for Formulating Trading Rules of Third-party Online Retail Platforms (for Trial Implementation) to standardize the procedures for formulating trading rules applicable to third-party online retail platforms.
　　3. Suggestions for improving the E-commerce legislation of China
　　As for the current E-commerce legislation in China, in addition to the developments mentioned above, the following issues are to be further considered and resolved.
　　(1)Definition of “online trading platform”
　　The Measures define “third-party trading platform”. There are different opinions on this definition, however, due to the lack of qualifications such as “satisfying one of the following conditions” or “satisfying all of the following conditions”. We suggest that the Measures define all conditions for a platform to be an “online trading platform” and should not define it as a platform satisfying “one of the following conditions”, to avoid the situation that all platform enterprises are defined as operators of “online trading platforms”.
　　(2)“Third-party obligations” of online trading platforms

　　The obligations and liabilities of online trading platforms should be designed on a scientific and reasonable basis. Any illegal acts on the platforms should be determined by public authorities. Enterprises operating platforms may discover and report suspected illegal acts and cooperate with public authorities in dealing with and preserving evidence of illegal acts, which have been determined by the public authorities.

　　VI. Personal Information Protection
　　1. Improvement of legislation on personal information protection around the world
　　On March 25, 2014, the European Parliament overwhelmingly approved the General Data Protection Regulation (Draft).
　　On June 19, 2014, Japan proposed the amendment to the Act on the Protection of Personal Information, which was expected to be submitted to the National Diet in 2015.
　　On March 20, 2014, the Australian Senate approved legislation to require a mandatory data breach notification framework.
　　On July 4, 2014, the Russian Parliament approved a set of amendments to the Federal Law on Information, Informatization, and the Protection of Information and the Personal Data Law of the Russian Federation, requiring websites to store the personal data of Russian citizens.
　　2. Status quo of the world’s legislation on personal information protection
　　At the macro level, in countries and regions where the practice of data protection is more developed, such as the EU, the data protection reform has stepped onto the stage of specific framework design and testing.
　　At the micro level, the development of information protection may be centered around the collection, use, security, breach and flow of data, etc.
　　3. Reference for China’s legislation on personal information protection
　　(1)Cloud computing and personal information protection
　　The future legislation of China on the protection of personal information based on cloud computing may be improved in the following aspects: (i) to formulate laws and regulations on cross-border data flow; and (ii) to detail enterprises’ safeguarding responsibilities by way of government guidelines and industrial standards.
　　(2)Mobile Internet and personal information protection

　　Thus far, China has not paid special attention to or conducted research concerning the protection of personal information on mobile applications, which requires further attention.

　　VII. Open Government Data
　　It is an inevitable tendency for the government, as the entity owning the most and the best social information resources, to make available government data on the premise of ensuring national security and privacy protection.
　　1. Open data policy and practice in the world
　　(1)The US, as the first country to promote open data, has achieved good results in the open data program to promote economic development.
　　(2)As compared with the US, the EU established a relatively conservative framework to open up government data step by step, focusing on public welfare.
　　(3)Numerous countries are working together to promote open data globally. In September 2011, eight countries including Brazil, the UK and the US jointly launched the Open Government Partnership (OGP) by endorsing the Open Government Declaration. As of February 10, 2014, 63 countries in the world have joined the OGP.
　　(4)At a session of the Twelfth NPC, Li Keqiang, the Prime Minister, expressed China’s stance of supporting the opening up of non-secret data.
　　2. Features of the world’s open data policies
　　The practice of open data in the world showed the following features: (i) governments committed to promote data opening up gradually by way of policies and legislation; (ii) unified open government data websites were established to provide immediately available data; (iii) open data was closely related to the need of public services; and (iv) importance was attached to the protection of personal privacy in open government data.
　　3. Suggestions on improvement of open government data policies of China

　　First, the competent authorities should be defined to speed up the formulation and revision of policies and regulations. Second, a uniform open data platform should be established to narrow the information gap. Third, the strength of enterprises may be utilized to exploit the potential of data.

　　VIII. Regulation on New Internet Products
　　With the rapid development of taxi-hailing applications, the explosive growth of Internet TV and the overall flourishing of Internet finance in 2014, new Internet products have greatly impacted the existing legal system.
　　1. Taxi-hailing applications
　　(1)The landscape of the taxi-hailing application market changed from “multiple players fighting against each other” to “two major players being dominant”
　　From the beginning of 2012 to the end of 2013, the taxi-hailing application market featured “multiple players fighting against each other”, with more than 30 taxi-hailing applications existing in the market. From January 2014, DidiDache and KuaidiDache initiated fierce competition for market share, rapidly changing the market structure to “two major players being dominant”. On February 14, 2015, DidiDache and KuaidiDache announced their merger.
　　(2)Issues concerning laws and policies faced by taxi-hailing applications
　　The taxi-hailing applications face three major issues: operation management, licensing and safety.
　　(3)New policies driven by the market

　　In July 2014, the Ministry of Transport issued the Circular on Promoting the Orderly Development of Taxi-hailing Services Including Taxi-hailing via Mobile Software. In January 2015, in respect of the controversy concerning taxi-hailing applications, the Ministry of Transport stated that the “tailored taxi” applications have aggregated car rental services through an online platform, becoming “an innovative service mode in the new age which crossed the traditional boundary between taxi and car rental service”. The competent authority’s attitude towards the taxi-hailing applications indicated that the authority had begun to recognize the taxi-hailing applications due to such applications’ will to drive the transport market with new products.

　　2. Internet TV
　　As required by Circular 181, a partnership pattern of “commercial website + content platform + integrated broadcast control platform + hardware manufacturer” has been formed in the Internet TV industry chain. So far, the State Administration of Press, Publication, Radio, Film and Television (“SAPPRFT”) has approved 7 entities’ engagement in integrated Internet TV services and 14 entities’ engagement in Internet TV content services.

　　Since June 2014, the SAPPRFT has taken a series of measures to regulate and rectify the Internet TV market, which threw cold water on the hot Internet TV market. The SAPPRFT’s regulation and rectification of the Internet TV market will, on one hand, protect the security of the contents of culture communications and direct the orientation of propaganda, and, on the other hand, restrain the rapid development of the Internet TV industry to a certain extent.

　　3. Internet finance
　　(1)Internet finance in China maintained strong momentum of development
　　The development of Internet finance in China has the following features: (i) the scale of the business mainly composed of Internet payment has kept growing; (ii) cross-border cooperation has become the new norm; and (iii) capital investment in P2P financing is active.
　　(2)Problems confronted by Internet finance in China
　　Behind the hot market, Internet finance, as a new business, faces the following challenges in its development: (i) it is hard to find a balance between regulation and innovation; (ii) laws and policies on Internet finance must be perfected; and (iii) with the low transparency of credit information, the foundation of Internet finance development is not solid.
　　(3)The regulation of Internet finance is oriented at encouraging development and the relevant regulatory system is to be improved

　　Under the “financial disintermediation” mode, the competent regulatory authorities have been identified and relevant policies have been established for businesses such as Internet payment and micro finance. However, no regulatory authority has been identified for new businesses, such as P2P and crowd funding. In this area, there are only precedents of punishment, and no sound regulatory system has been established.

　　IX. Outlook
　　1. Improving the top-down design in all fields of the legal system
　　Currently, top-down design is absent in many fields of China’s legal system on the Internet. For instance, there is no overarching legislation or strategy in the field of cyber security. In terms of personal information protection, though the NPC decision initiated legislation on personal information protection, the provisions of the NPC decision are on the “principle” level and no relevant administration system has been established.
　　It is important to improve the top-down design of Internet laws and policies. The law-based network governance should not only focus on the public security of the state, sound development of the industry and protection of users’ personal rights, but also conform to the tendency of technical development and address the challenges brought by new technologies and businesses, so as to define a reasonable boundary between industrial development and market regulation.
　　2. Building the system of laws and policies on cyber security
　　With the exception of the Decision of the Standing Committee of the NPC on Maintaining Internet Security, the Decision of the Standing Committee of the NPC on Strengthening Online Information Protection and several administrative regulations, most existing legislation in China on cyber security is departmental rules or even general normative documents. The hierarchy of current laws does not reach a sufficiently high level. Meanwhile, the legal structure mainly composed of departmental rules results in lack of overall planning and coordination among various departments.
　　Therefore, it is suggested that the Cyber Security Strategy should be issued as soon as practicable to improve the top-down design of cyber security, and relevant legislation on cyber security should be perfected to promote the law-based governance of cyber security.
　　3. Perfecting laws, policies and standards on network content management
　　In 2014, a series of special actions were taken and policies and documents were issued to strengthen the management of Internet content, and more severe punishments were imposed to cleanse the network environment and regulate the order of competition in the Internet market. However, there are still problems with Internet content management. For instance, content management and punishment are mainly based on normative documents and, therefore, have a lower degree of force and effect. In addition, the cost of committing illegal online acts is low, while the cost of law enforcement is high. Therefore, it is suggested that the Internet legislation should be accelerated, a sound regulatory system should be established and Internet users’ legal awareness and media literacy should be improved.
　　4.Reasonably defining the responsibilities of enterprises to achieve balance of rights and obligations
　　The definition of responsibilities of Internet service providers has been an essential issue in Internet legislation and policies. The laws and policies issued and being formulated in 2014, especially those on E-commerce and cyber security, exhibit increasing responsibilities for Internet service policies. It is suggested that a scientific and reasonable system concerning the responsibilities of platform enterprises, which is suitable for the development of the industry, should be established at the level of legislation, and multiple players including Internet users, Internet enterprises, self-regulatory organizations and governments should participate in the establishment of such system.
　　5.Strengthening Internet copyright protection and promoting the development of the cultural industry
　　It has become a common understanding in the Internet industry to promote the operation of copyrighted works in reliance upon quality contents. However, the effective implementation of this operation mode is restricted by the following factors: (i) the impact of piracy on the industry ecosystem; (ii) the constant variation of piracy technologies; and (iii) the increase of costs for enterprises to protect their rights.
　　Therefore, it is suggested that, at the legislation level, the revision of the Copyright Law and the Regulations for the Implementation of the Copyright Law should be accelerated; at the law enforcement level, the joint-action mechanism for administrative governance should be further improved.
　　6.Changing the way of thinking about industry management and directing the development of new businesses
　　Facing the new situation of Internet management, it is crucial to change the way of thinking and philosophy about Internet management. The philosophy of Internet management in China should be changed from “regulation” to “governance”, and “inclusive governance” should be encouraged. It is suggested to implement the differentiated regulation, moderate control, flexible regulation, internal governance and multi-party cooperative governance.
　　7.Following the development of big data technologies and strengthening personal information protection
　　Currently, there is no special legislation on the protection of personal information in China, and relevant provisions are scattered in various laws, regulations and rules, rather than a systematic approach. According to the actual demand for protection of personal rights and industrial development, the following issues remain to be resolved: (i) the legal system remains quite general and abstract; (ii) no rules on the use of personal data and information with guiding significance have been established concerning new technologies and businesses, such as cloud computing; and (iii) no legal system with the actual effect of protection has been developed along with the development of technologies and businesses.
　　In relation to the above-mentioned issues, it is suggested that, at the state level, a special law on the protection of personal information should be formulated and rules and guidelines on the use of personal information with guiding significance should be established. Meanwhile, facing new challenges and issues, it is suggested to learn from the experience of international systems and to introduce new mechanisms of rights protection into legislation.

　　Tencent Research Institute

　　Law Research Center

April 2015