Jump to ContentJump to Main Navigation
Bulk CollectionSystematic Government Access to Private-Sector Data$

Fred H. Cate and James X. Dempsey

Print publication date: 2017

Print ISBN-13: 9780190685515

Published to Oxford Scholarship Online: October 2017

DOI: 10.1093/oso/9780190685515.001.0001

Show Summary Details
Page of

PRINTED FROM OXFORD SCHOLARSHIP ONLINE (www.oxfordscholarship.com). (c) Copyright Oxford University Press, 2019. All Rights Reserved. An individual user may print out a PDF of a single chapter of a monograph in OSO for personal use. date: 21 November 2019

Systematic Government Access to Private-Sector Data in China

Systematic Government Access to Private-Sector Data in China

Chapter:
(p.241) 11 Systematic Government Access to Private-Sector Data in China
Source:
Bulk Collection
Author(s):

Zhizheng Wang

Publisher:
Oxford University Press
DOI:10.1093/oso/9780190685515.003.0011

Abstract and Keywords

This chapter focuses on China’s systematic government access to private-sector data. In accordance with facilitating Chinese e-government construction, many laws made for the purpose of state security, public security, censorship, and taxation have granted the Chinese government extensive power of access to private-sector data generated in such businesses as information, finance, trade, travel, entertainment, and so on, operated in China. There are no laws or practices related to governmental systematic access currently found in China. However, this kind of systematic data access will certainly find itself anytime in the future enforcement and ensuing legislation once the Chinese government realizes it is necessary with the evolution of e-government strategy.

Keywords:   China, privacy, public security, e-government, Internet, regulation, data reporting requirements

I. Abstract

In accordance with facilitating Chinese e-government construction, many laws made for the purpose of state security, public security, censorship, and taxation have granted the Chinese government extensive power of access to private-sector data generated in such businesses as information, finance, trade, travel, entertainment, and so on, operated in China. There are no laws or practices related to governmental systematic access currently found in China. However, this kind of systematic data access will certainly find itself any time in the future enforcement and ensuing legislation once the Chinese government realizes it is necessary with the evolution of e-government strategy.

II. National Legal Context and Fundamental Principles

Although it is a mixed system,1 with elements of civil law, common law, socialist law, and to a limited extent, traditional law, and is officially named the Socialist System of Laws with Chinese Characteristics,2 China’s legal system in fact has a formal structure approximately resembling the civil law model despite its distinctive Chinese Characteristics. China is also a very centralized country with a powerful government controlled by the Chinese Communist Party (CCP). The CCP maintains its power of absolute control over the law through its highly effective mechanisms and its absolute majority of members in the three branches (p.242) of government: the executive, the legislative, and the judicial.3 Executive officials also make up almost two-thirds of the legislature. Technically, Politics and Law Committees are installed in the CCP at the national and local levels to oversee the direction and cooperation of courts, procuratorate, and police to ensure CCP’s leadership over judicial issues.4 Usually laws are shadows of the CCP’s policies, and courts, procuratorate, and police share the same interest.5 It is often said that “Police prepare all the food, prosecutors serve it, and the courts eat it.”6 In addition, it is the government not the congress that practically plays an initiating, driving, and decisive rule in legislation.7

“The People’s Republic of China practices ruling the country in accordance with the law and [is] building a socialist country of law,”8 was first incorporated into the Constitution as a “ruling strategy”9 in 1999, but rule of law or even rule by law at most is still on the arduous odyssey. As the Chinese delegation described in the 56th session of the United Nations Commission on Human Rights:

The Chinese society is now in the process of transition from too much emphasis on the rule of person and insufficient emphasis on the rule of law to establishing concept of the rule of law, from supremacy of the power to supremacy of the law, from too much emphasis on duties and insufficient emphasis on rights to establishing a correct notion about rights and obligations.10

China was indeed “in transition toward rule of law but still falling short of the minimal standard of achievement required to be considered rule of law”11 10 years ago, and the situation remains much the same now and will be not much (p.243) changed in the near future under the current political system of this one-party socialist state unless a substantial political reform takes place.

In 2004, “The State respects and preserves human rights”12 was included in the Constitution and human rights are thus endowed with a certain legal concept. However, the idea and scope of human rights in China, especially in terms of the official interpretation, is somewhat different from what is universally held in most countries. China stresses the right to development and group rights more than political rights and individual rights. “While China has acknowledged the importance and legitimacy of human rights, it has also challenged the pretense of a universal consensus on human rights issues, or at least the consensus among much of the cosmopolitan elite in economically advanced Western liberal democracies.”13

Privacy as a fundamental human right is still relatively new to China. In the Chinese language, the word for privacy—“yinsi”—connotes “illicit secrets and selfish, conspiratorial behavior.”14 Furthermore, necessary protection of the right to be let alone is assumed in most people’s minds in China to be from fellow citizens rather than from the government because of the long-standing dossiers system, household registration system (Hukou), and misleading education and propaganda imposed on people.15 The awareness of people about governmental intrusion has grown in recent years but is still very vague and weak.16

There was not a legal term named “right of privacy” in laws and regulations before the end of 2009 when the new Tort Liability Law was enacted and the word first appeared, but without a definition or further interpretation.17 It is interesting to note that privacy clearly as a legal right is first present in the Chinese private law instead of the public law because this facet of privacy protection is not related to restriction of government power.

Articles 37, 38, 39, and 40 of the Constitution do promise that the freedom of a person, his dignity, his residence, and the secrecy of his correspondence are “inviolable” and protected from “unlawful” infringements, which altogether indirectly sets a vague privacy protection framework to provide a minimum level of protection for the privacy of the citizen for the purpose of social (p.244) stability.18 However, in constitutional law, penal laws, penal litigation laws, state security laws, and other public-sector laws there are many exemption rules and vague definitions that grant government extensive rights and sizable flexibility for investigation, seizure and, search, especially in the matter of state security or keeping social order.19

The reasons there is a lack of a more comprehensive and unified privacy and data protection law in China are complex, but the situation is not accidental. Privacy is an interest and a right more important to citizens than to the government. The absence of the real representative system for people’s interests, the dominant role of government in legislation, and government’s desire to strengthen and extend its power inevitably result in the long time vacancy of privacy protection, which, in turn, benefits and facilitates the construction of a powerful e-government and electronic dossier society. In fact, the surveillance and censorship systems in China, considered to be the largest and most sophisticated in the world,20 are exactly the confluence of prolonged privacy under-protection and rapid e-government development.

Under the above context, it is really hard to define the boundaries of governmental access to private-sector data, but it’s not difficult to conclude that the government’s systematic access to data held by anyone will become possible and realistic with the evolution of the e-government strategy in accordance with its vital interest in maintaining the state’s control on information and “preserving stability” of the society.

III. Statutory and Regulatory Overview

A. Laws Requiring, Explicitly Authorizing, or Restricting Governmental Access to Private-Sector Data

As discussed above, communications privacy is protected from “unlawful” infringements, which are supposed to be committed by citizens not by government. In fact government enjoys an extensive and unrestricted power of investigation and censorship of communications whenever state security or public security is involved. Article 40 of the Constitution provides,

The freedom and privacy of correspondence of citizens of the People’s Republic of China are protected by law. No organisation or individual may, on any ground, infringe upon the freedom and privacy of citizens’ correspondence (p.245) except in cases where, to meet the needs of state security or of investigation into criminal offences, public security or procuratorial organs are permitted to censor correspondence in accordance with procedures prescribed by law.21

As for procedures prescribed by law, they either lack explicit interpretation or are not known to citizens. This constitutional provision, in the name of privacy protection, actually becomes the primary source of legal authority for many national laws or departmental regulations related to criminal investigation, censorship, or surveillance, any of which normally involves governmental access to data.

As illustrated below, those kinds of governmental access to data are usually explicitly authorized, and there are no explicit restrictions.

1. State Security Law (1993)

Because of the particular importance attached to state security and social stability by the Chinese government, China’s State Security Law is instrumental in the role of authorizing governmental access to the private-sector data, and its legislative foundation is laid according to Articles 1, 4, 28, 36, 51, and 54 of the Constitution, which prohibit the sabotage of the socialist system; acts detrimental to the security, honor, and interests of the motherland; and infringement upon the interests of the state, of society, and of the collective.22

There are two articles in the State Security Law permitting the state security organization to accede, when necessary, to any information or data held by anyone in China. Article 11 stipulates that “where state security requires, a state security organisation may inspect the electronic communication instruments and appliances and other similar equipment and installations belonging to any organisation or individual,”23 and Article 18 states “When a State security organisation investigates and finds out any circumstances endangering State security and gathers related evidence, citizens and organisations concerned shall faithfully furnish it with relevant information and may not refuse to do so.”24 The only restriction for this access is that state security officials must go through their own internal strict approval procedures in accordance with the relevant provisions of the state.25

The Penal Law of China further makes a crime the refusal to provide information. Article 311 requires “Whoever, while clearly knowing that another person has committed a crime of espionage, and when a state security organisation inquires him about relevant circumstances and collects relevant evidence from him, refuses to provide them shall, if the circumstances are serious, be sentenced (p.246) to fixed-term imprisonment of not more than three years, criminal detention or public surveillance.”26

2. Law of Guarding State Secrets (2010 Revision)

Article 28 of Law of the People’s Republic of China on Guarding State Secrets (2010 Revision) stipulates that “Operators and service providers of the Internet or any other public information network shall cooperate with the public security organisation, the national security organisation and the procuratorial organisation in the investigation of secret leakage cases. Where any operator or service provider finds that any information disclosed via the Internet or any other public information network involves any state secret, it shall immediately stop transmitting it, keep the relevant records, and report to the public security organisation, national security organisation or secrecy administrative department. Operators and service providers shall delete information which involves state secrets as required by the public security organisation, the national security organisation or the secrecy administrative departments.”27

3. Criminal Procedure Law of the People’s Republic of China (2012 revision)

Search and seizure procedure is found here in sections 5 and 6 of this law. Any belongings related to crime are subject to search, and any evidence including material evidence and documentary evidence shall be seized. The search warrants are obtained not from court but through their own internal approval procedures or may not be required if an emergency occurs when an arrest or detention is being made.

  • Article 101 Investigators shall conduct an inquest or examination of the sites, objects, people and corpses relevant to a crime. When necessary, experts may be assigned or invited to conduct an inquest or examination under the direction of the investigators.

  • Article 109 In order to collect criminal evidence and track down an offender, investigators may search the person, belongings and residence of the criminal suspect and anyone who might be hiding a criminal or criminal evidence, as well as other relevant places.

  • Article 110 Any unit or individual shall have the duty, as required by the People’s Procuratorate or the public security organ, to hand over material evidence, documentary evidence or audio-visual material which may prove the criminal suspect guilty or innocent.

  • Article 111 When a search is to be conducted, a search warrant must be shown to the person to be searched. If an emergency occurs when an (p.247) arrest or detention is being made, a search may be conducted without a search warrant.

The electronic data is included as evidence in the newly amended version passed by the National People’s Congress on March 14, 2012. The phrase of “respecting and protecting human rights” is also included in this revision, but is considered by many legal scholars as an empty promise because this new amendment vests more powers than ever before in the public security and state security organization.28

B. Separate Laws for Law Enforcement Access, Regulatory Access, and/or National Security Access

The core part of the above-mentioned surveillance and filtering system is the well-known golden shield project run by the Ministry of Public Security (MPS). There are another 11 nationwide golden projects29 managed or overseen by other relative government departments such as the State Administration of Taxation, China Customs, the People’s Bank of China (PBOC), Ministry of Industry and Information Technology (MIIT), etc. The 12 golden projects together with “two networks,”30 “one website,”31 and “four databases”32 are a series of ambitious initiatives to build an advanced e-government as a national informatization process. These projects and databases are loosely based on a framework set by Guiding Opinion on Construction of E-Government in our Country by the State Informatisation Leading Group (2002). This Opinion is technically of a very low level legal authority but quite crucial in actual authorization of government access to private-sector data in the name of e-government “designed to reinforce its surveillance capabilities.”33 Accordingly, all the provinces have enacted their own local Informatisation Rules to join the informatization process.

(p.248) One of the four databases is the national Basic Population Information Database by the MPS. It is based on the resident identification system, which has the basic information of 1.3 billion people.34 The individual fingerprint will be included in the ID system in the near future.35 Besides the four databases, other databases include the national Individual Credit Information Database,36 completed in 200637 and overseen by the PBOC; and the Basic Internet Database coordinated by the MPS and being built by local police at the provincial level.38

The Basic Internet Database is mainly made of data collected monthly since 2006 from ISPs (Internet Service Providers), ICPs (Internet Content Providers), IDCs (Internet Data Centers), and email services.39 No explicit authorization for building this database can be found in any laws, and there are only orders from local police compelling the businesses to submit monthly reports with a data collection template designed by the MPS.40 The data collected include all users’ account and registration information, both individual and corporate, and other data in which the government is interested.41

Building those projects and databases involves systematic data digitalization and data collection of almost every aspect of a person’s life. Data held in the private sector are compelled to contribute to the projects and databases in accordance with the e-government construction based on requirements of various laws related to public security, state security, finance, taxation, insurance, and so on.

The vague language and exemption rules in many laws and regulations give the government substantial flexibility and higher demand for data access. What is more, extensive mandatory data retention imposed on telecommunications, ISPs, ICPs, and IDCs increase much ease of this government access to data.

All of the kinds of governmental access discussed above or below, with explicit mandate or not, take the form of a mediated report that is obviously not the (p.249) systematic access we mean here. One reason for the absence of systematic access and relative laws may be the government’s efforts to accelerate the adoption rate of cloud service in China.42 However, observing the way and practice of e-government construction ongoing, we can imagine that the systematic access will find its way in one form or another once the government realizes it is necessary, and e-government evolves into a new stage.

1. Accounting Law

Article 35 of Accounting Law of the People’s Republic of China (1999 Revision) requires “all units must … accept the supervision and inspection … by the relevant supervisory and inspection departments” and “honestly furnish accounting documents, account books, financial accounting statements and other accounting materials and relevant situations, and may not refuse inspection, conceal materials or report falsely.” The relevant supervisory and inspection departments include “departments in charge of finance, auditing and taxation, the people’s banks as well as securities regulatory and insurance regulatory authorities.”43

All companies no matter whether publicly listed or not are subject to this supervision. This law also gives different government departments the right to gain access to private-sector data.

2. Tax Laws

One of China’s taxation administration regimes is invoice management.44 Since early 2001,45 most of the businesses involved in the sale of products and services have been forced, in the name of the taxation reform starting from Beijing and three other provinces,46 to buy certified fiscal cash registers called tax-control cashier in China to record detailed business transactions and invoice use including many personally identifiable pieces of information.47 Those recorded data are required to be stored in an IC card to send regularly to local taxation authorities.48 (p.250) The taxation authority can also use a taxation management access card to collect those data from the tax-control cashier.49 This practice is authorized by Article 23 of Law of the People’s Republic of China on the Administration of Tax Collection and the Notice50 from the State Administration of Taxation to provincial taxation authorities in accordance with the building of the Golden Tax Project, one of China’s 12 e-government projects mentioned above.51 “Promotion of using online invoice management system” is included in the Invoice Management Measures of the People’s Republic of China when amended 2010.52

3. Internet-Related Laws

As indicated below, the public security organizations and other various government departments have been given extensive powers in the name of protection of information security by a series of computer, Internet, and telecommunication laws to censor the “illegal and harmful” content and to investigate criminal activities. These laws will be significant in helping government gain the systematic data access in the future when deemed necessary.

For example, according to current regulation, any Internet Data Center (IDC) and web hosting services must be licensed and required to verify, record, and report actual users’ information and online activities.53 In some provinces and local municipalities IDC services are even required to provide police with an administrator account for regular inspection.54

An order dated April 11, 2011, from local police of Langfang, a small city near Beijing, explicitly requires any businesses or institutions providing nonprofit Internet access service in a public place, such as shops, hotels, restaurants, bars, bookstores, schools, etc., to install police-licensed monitoring software, in the name of computer security, to record customers’ identities and Internet activities and send those recorded data to the police system in real time.55

(p.251) 4. Regulation on Internet Information Service of the People’s Republic of China (2000)

This law promulgated by the state council imposes mandatory data retention on many Internet- related businesses and grants many government departments power of access to data retained.

It requires that “Internet information service providers that engage in the provision of such services as news, publishing, or electronic bulletin board services, etc. shall keep a record of the information they provide, the times of dissemination and the URLs or domain names. Internet access service providers shall keep a record of such information as the times online subscribers are online, the subscribers’ account numbers, the URLs or domain names, the callers’ telephone numbers, etc. Internet information service providers and Internet access service providers shall keep copies of such records for 60 days and shall provide them to the relevant State authorities when the latter make inquiries in accordance with the law.”56

5. Provisions on the Technical Measures for the Protection of the Security of the Internet 2005

These provisions enacted by the MPS further include IDCs into data retention. Any ISPs, ICPs, and IDCs are required to record and keep for at least 60 days the users’ registration information, web addresses visited, IP addresses, time stamp, content published etc. for the possible use of police later.57 Furthermore, a BBS service provider must have “the function of auditing the information as registered by users and information as publicised.”58 The law authorizes the public security organization to “offer guidance to and carry out supervision and examination” on the implementation of the cybersecurity measures.59

6. Regulations on the Administration of Business Sites of Internet Access Services 2002

This law governs Internet cafes and similar places and vests both the MPS and culture authority the power of access to data. Article 23 requires that “An operating entity shall verify and register the identification cards or other valid certificates of the Internet users, and shall record the relevant net information. The registration and records reserved shall be kept for at least 60 days, and shall be provided when the departments of culture administration or public security consult them pursuant to law. The registration and records reserved may not be (p.252) modified or deleted during the period of keeping.”60 The actual practice is to send those recorded data to the police system in real time.61

7. Interim Measures for the Trading of Commodities and Services through the Internet 2010

This regulation governs online sales and is promulgated by the State Administration for Industry and Commerce. It requires that “A network trading platform service provider shall file operating statistics about network commodity transactions and the relevant services with the local administrative department for industry and commerce on a regular basis.”62

The mandatory data retention in this interim law requires that a network trading platform service provider shall examine, record, and retain the information about network commodity transactions. Information about the business license or individual identity of a business operator shall be preserved for at least two years from the date when the business operator is removed from the network trading platform. The backups of trading records and other information shall be retained for at least two years from the date when a transaction is concluded.63

8. Measures for the Administration of Internet E-mail Services 2006

These measures by the MIIT provide that “Citizens’ privacy of correspondence in using Internet e-mail services shall be protected by law. Unless the public security organisation or procuratorial organisation makes an inspection on the contents of correspondence pursuant to the procedures prescribed in law when required by national security or investigation of crimes, no organisation or individual shall infringe upon any citizen’s privacy of correspondence on any pretext.”64

“The procedures prescribed in law” are not, as usual, further detailed. The exemption rule and vague expression of language virtually grants the police much room to gain access when the police consider it necessary. Actually there is an email data collection template designed by the MPS required to report to police on a monthly basis.65

(p.253) 9. Interim Provisions on the Administration of Internet Culture (2011 Revision)

This law enacted by the Ministry of Culture governs online music, online games, online shows, online works of art, online cartoons, etc. Article 20 stipulates that “an Internet cultural entity shall record the contents in the back-up of the cultural products, the time and Internet web address or domain name of the back-up. The back-up of the records shall be kept for 60 days, and be provided when the relevant department of the state makes an inquiry in accordance with the law.”66

10. Interim Provisions on the Administration of Internet Publication 2002

This provisions jointly promulgated by the General Administration of Press and Publication and the former Ministry of Information Industry (MII), now the MIIT, govern online books, newspapers, periodicals, audio and video products, electronic publications, etc. Article 22 requires that Internet publishers shall keep a record of the published contents, time, and IP address, and the record shall be kept for 60 days and be provided when the relevant departments of the state make inquiries pursuant to law.67

11. Provisions for the Administration of Internet News Information Services 2005

Article 21 provides that an Internet news service provider shall record the contents of the news information it has published or transmitted, the time, etc. The backup of the records shall be preserved for at least 60 days, and be provided when the relevant department inquires them in accordance with the law.68

12. Management Provisions on Electronic Bulletin Services in Internet 2000

Enacted by the former MII, this department rule governs BBS, online chat, and other online interactive service. It requires that user accounts, interactive contents, time stamp, and telephone number, and other information be recorded and kept for 60 days, and be provided when the relevant state organization inquires about them.69

(p.254) 13. Several Provisions on Regulating the Market Order of Internet Information Services 2011

Article 11 of this law is another example of an exemption rule for government access and states that “without obtaining the permission of users, an Internet information service provider may not collect information which is relevant to users and can serve to identify users solely or in combination with other information (hereinafter referred to as the “personal information of users”), and nor may it provide the personal information of users to others, unless it is otherwise provided by laws or administrative regulations.”70

This law was issued at the end of 2011—shortly after a widespread leakage of accounts (including emails) and passwords affecting more than 10 million users of several Chinese websites71 to appease the wild anger of Chinese netizens. The leakage is said to be a protest against the real name registration regulation for microblogs (Chinese social media like Twitter) effective from March 2012.72 Most people couldn’t understand why passwords were stored without even a simple encryption in those commercial websites. It was rumored that the unencrypted practice of password storage was required by police for their convenience of access. Considering Tom-Skype (Skype in China) practice73 leaked in 2008, the rumor is not really ungrounded.

As for the intelligence access, there is no unified law or much regulation governing intelligence activities. Due to China’s special political system, all government and semi-government agencies including press might be mobilized to collect and analyze intelligence for governmental decision-making although there are sometimes no explicit legal mandates. For example, People’s Daily, a national newspaper, has established a department and uses software to monitor and collect users’ comments, opinions, and sentiments about government through its news portal as a kind of intelligence for government.74

Generally speaking, the Chinese intelligence system is primarily made up of the military intelligence service and the state security organization and public security organization. The state security organization is similar to the CIA but enjoys law enforcement powers including arrest, search, and seizure according (p.255) to the State Security Law and Criminal Procedure Law.75 Based on broad definitions and interpretations from the various laws about public security, state security, and defense the public security organizations are mainly responsible for domestic intelligence whereas the state security organizations and military intelligence service are responsible for foreign intelligence including Taiwan and Hong Kong. The construction of the Basic Internet Database noted above is part of the so called “greater intelligence” strategy employed by the MPS.76

C. Laws Requiring Broad Reporting of Personal Data by Private-Sector Entities

1. Anti-money Laundering Laws

Article 3 of the Anti-Money Laundering Law of the People’s Republic of China 2006 requires that all financial institutions inside China “develop and improve the system for client identity identification, system to keep the materials of client identity and trading record, and system to report large amount trading and suspicious trading, and implement their duties of anti-money laundering.”77 The Measures on the Administration of Client Identity Identification and Materials and Transaction Recording of Financial Institutions further stipulates that a financial institution shall “appropriately preserve client identity materials and transaction records, guarantee that each transaction be reflected, so as to provide information needed” and “so as to facilitate anti-money laundering investigation, supervision, and administration.”78

The Anti-Money Laundering Monitoring Analysis Centre (CAMLMAC), as China’s Financial Intelligence Unit (FIU), was established in 2004 according to the requirement of the Anti-Money Laundering Law. CAMLMAC is operated under the central bank the POBC and is the main agency authorized to collect and analyze reports of large and suspicious transactions from all financial institutions, including banks, insurances, securities, fund managements, etc. and some other specific non-financial institutions such as payment and clearing organizations.79

Accounting firms and law firms, pawn stores, lotteries, and sales of real estate, jewelry, and precious metals are classified as specific non-financial institutions according to the law, have not been immediately incorporated into the (p.256) transaction-reporting mechanisms, and may be required to comply with anti-money laundering rules and regulation in the future.80

In addition, for the last few years, a considerable number of regulations and rules have been made to provide more detailed directions. Currently, large-value and doubtful transactions are required to send reports regularly to local branches of the POBC electronically.81

Under the pressure of supervision and inspection and in fear of missed reports of suspicious transactions, many financial institutions report indiscriminately to the CAMLMAC large amounts of ordinary transactions. The CAMLMAC collects more than 50 million reports annually, of which only a few are useful data for anti-money laundering operations.82

China has joined several international anti-money laundering conventions including the United Nations Convention against Transnational Organised Crime, United Nations Convention against Transnational Organised Crime, and United Nations Convention against Corruption.83

2. Measures for the Control of Security in the Hotel Industry 1987

Measures for the Control of Security in the Hotel Industry 1987 by the MPS require “A hotel shall register guests” and “the guest’s identification card shall be examined and an accurate registration of all stipulated items shall be made. If accommodation is provided to a foreign guest, the accommodation registration form shall be submitted to the local public security organisation within 24 hours of the guest’s arrival.”84 It also authorizes provincial, autonomous region, and directly administered municipal public security departments to formulate detailed implementing rules.

All provincial detailed rules enacted require hotels to upload within two hours the detailed registered personal information of both domestic and foreign guests including photos and credit cards to the Hotel Public Order Administration Information System controlled by the MPS formerly through certified desktop software and now through websites.85 The Hotel Public Order Administration (p.257) Information System is closely related with the Basic Population Information Database and other databases such as motor vehicles management system, criminal information system, etc. in the police system.86

3. Interim Measures for the Administration of Air Transport Itineraries/Receipts of E-tickets (2008)

It stipulates that the electronic data of itineraries/receipts of passengers shall be properly kept by the distributing entities as authorized by the Civil Aviation Administration of China for five years, and after the expiration of that period, that data shall be eliminated after being reported to and approved by the Civil Aviation Administration of China and the State Administration of Taxation.87

In addition, all Chinese passengers’ information is processed by a state-owned company called TravelSky and connected with the airport security system.88

4. Regulation on the Administration of Entertainment Venues 2006

The “Entertainment Venues” refers to the singing, dancing, and gaming places that are operated for profit and are open to the general public and for the self-entertainment of consumers.89 This regulation requires that these places shall keep the video materials as recorded down by the closed circuit television for 30 days for future investigation, and shall not delete them or use them for other purposes.90 These places are also required to establish a roster of working staff members, which shall indicate the true names and photocopies of identity cards, and to set up a log of business operations that indicates the duties, working hours, and working places of its working staff, and shall not delete or alter the log of business operations, and shall keep it for 60 days.91

Measures for the Public Security Administration of Entertainment Venues by the MPS further requires these businesses “to cooperate with the public security organ in establishing an information system for public security administration of Entertainment Venues according to the relevant provisions on informatisation of the State, and input, at real time and faithfully, the information on the working staff, log of business operations and safe patrolling, and transmit and report it to the public security organ.”92

(p.258) D. Laws Permitting or Restricting Private-Sector Entities from Providing Government Officials with Voluntary Broad Access to Data

There are no laws currently governing this issue. The government can always find an excuse or reason to gain data access through the vague language of relative laws. In other cases private-sector entities might provide government officials with voluntary broad access to data in seeking favorable policy or government investment.

E. Role of the Courts for Major Categories of Data

The role of courts in China is minor as long as the government is involved.93

F. Standards for Use

As noted above, most of data acquired have been used to build the e-government projects and databases. The Guiding Opinion on Construction of E-Government and provincial Informatisation rules encourage interdepartmental data sharing to reduce costs and to maximize utilization of the resources except when state secrets are involved.94

The Anti-Money Laundering Law and Statistics Law do clearly impose a restriction of use solely for anti-money laundering or survey purpose.95

G. Cross-Border and Multi-jurisdictional Issues

Current China laws only claim jurisdiction on corporations with data servers established inside China. There are no laws found on governing cross-border data flow.

Notes:

(1.) Randall Peerenboom, “The X-Files: Past and Present Portrayals of China’s Alien ‘Legal System,’ ” 2 Wash. U. Global Stud. L. Rev. 37 (2003).

(2.) White paper released by State Council Information Office, The Socialist Legal System with Chinese Characteristics (2011).

(3.) Xianhong Qin, “CCP’s Influence on Legislation” (2001), http://www.usc.cuhk.edu.hk/PaperCollection/Details.aspx?id=2357.

(4.) Migalhas International, “The Legal System of China” (2007), http://lexuniversal.com/en/articles/3656.

(5.) Dingjian Cai, History and Reform: New China’s Journey to Legal Construction (CUPL Press, 1999), at 259.

(6.) Zhiwei Tong, “Let Sunshine of Constitution Shed on Penal Laws Application” (2010), http://article.chinalawinfo.com:81/article_print.asp?articleid=54698.

(7.) Jun Feng, “Sixty Years Administrative Legislation: Retrospect and Perspective” (2009), http://www.iolaw.org.cn/showArticle.asp?id=2836.

(8.) Constitution of the People’s Republic of China, Article 5, Amendment 3.

(9.) White paper released by State Council Information Office, The Socialist Legal System with Chinese Characteristics (2011).

(10.) Delegate Briefs UN Commission on China’s Human Rights Achievements (2007), http://english.people.com.cn/english/200004/07/eng20000407_38494.html.

(11.) Randall Peerenboom, “Let One Hundred Flowers Bloom, One Hundred Schools Contend: Debating Rule of Law in China,” 23 Mich. J. Int’l L. 471, 525 (2002).

(12.) Constitution of the People’s Republic of China, Article 33, Amendment 4.

(13.) Randall Peerenboom, “Law and Development of Constitutional Democracy: Is China a Problem Case?,” 19 Colum. J. Asian L. 185 (2006).

(14.) “China: The Long March to Privacy,” The Economist (January 12, 2006), http://www.economist.com/node/5389362.

(15.) Changqiu Liu, “Role of Perception, Awareness and Law in Citizen’s Personal Information Protection,” Social Science Weekly (2009) at 49.

(16.) Hao Wang, “Legal Consciousness and Root of Chinese Citizen’s Right of Privacy Protection,” Journal of Senyang Normal University (Social Science Edition) (2007) 31(1).

(17.) Tort Liability Law of the People’s Republic of China Article 2.

(18.) Qianzhe Wang, “On the Constitutional Establishment of Right to Privacy,” Legal System and Society (2011) 23.

(19.) Jian Shi, “Reflection and Reconstruction of Criminal Investigation Procedure,” Social Sciences Journal of Colleges of Shanxi (2004) 16(8).

(20.) OpenNet Initiative, Internet Filtering in China (2009), http://opennet.net/research/profiles/china-including-hong-kong.

(21.) Constitution of the People’s Republic of China Article 40.

(22.) Constitution of the People’s Republic of China article 1, article 4, article 28, article 36, article 51, and article 54.

(23.) State Security Law, art. 11.

(24.) State Security Law, art. 18.

(25.) State Security Law, art. 10.

(26.) Penal Law of China, art. 311.

(27.) Law of the People’s Republic of China on Guarding State Secrets, art. 28.

(28.) “China Passes New Law Allowing Secret Detentions,” CNN (March 14, 2012), http://edition.cnn.com/2012/03/14/world/asia/china-criminal-law/; see also “Article 73 Sparks Controversy on Secret Detentions,” Caixin (March 12, 2012), http://www.caixinglobal.com/2012-03-12/101015879.html.

(29.) “Golden Macro Economy, Golden Tax, Golden Customs, Golden Finance, Golden Cards, Golden Auditing, Golden Insurance, Golden Agriculture, Golden Bridge, Golden Quality, Golden Travel, Golden Medical” Sina (2009), http://tech.sina.com.cn/it/2009-09-15/20423440557.shtml.

(30.) One intranet for internal use, one extranet connected with the Internet.

(31.) Government portal site.

(32.) Basic Population Information Database, Basic Legal Person Information Database, Natural Resource, Space and Geography Information Database, Macro Economy Information Database.

(33.) Jeffrey Seifert et al., “Using E-Government to Reinforce Government–Citizen Relationships: Comparing Government Reform in the United States and China,” Social Science Computer Review, Vol. 27, No. 1, http://unpan1.un.org/intradoc/groups/public/documents/un-dpadm/unpan043654.pdf.

(34.) National Health and Family Planning Commission of the PRC, “Q&A: Guiding Opinions on Accelerating Population Health Information Construction” (2013), http://www.nhfpc.gov.cn/guihuaxxs/s10742/201312/2519dea9a4b14318a0736881116275ee.shtml.

(35.) Cao Yin, “ID Cards May Carry Fingerprint Data,” China Daily (Oct. 25, 2011), http://www.chinadaily.com.cn/china/2011-10/25/content_13966191.htm.

(36.) Built according to Interim Measures for the Administration of the Basic Data of Individual Credit Information.

(37.) “Individual Credit Information Database Covers 570 Mln Persons,” Xinhua News Agency (August 30, 2007),http://www.china.org.cn/china/national/2007-08/30/content_1222501.htm.

(38.) A Notice for Collection of Data in the Name of Security Inspection from Inner Mongolia Public Security Bureau (Retrieved: March 7, 2012).

(39.) Ibid.

(40.) Templates found in the compressed file (Retrieved: March 7, 2012), http://huhehaote.cyberpolice.cn/news/2008-10-8-102831.rar.

(41.) Ibid.

(42.) The State Council’s Opinion on Promoting Innovative Development of Cloud Computing and Breeding New Business Patterns of Information Industry (2015), http://www.sic.gov.cn/News/473/5471.htm.

(43.) Accounting Law of the People’s Republic of China, art. 35.

(44.) Invoice Management Measures of the People’s Republic of China.

(47.) Notice of the State Administration of Taxation on Printing and Distributing the Opinions on Promoting Application of Tax Control Devices and Cashiers (2004), http://www.chinatax.gov.cn/n810341/n810765/n812193/n812983/c1202387/content.html.

(50.) Notice of the State Administration of Taxation on Printing and Distributing the Opinions on Promoting Application of Tax Control Devices and Cashiers (2004), http://www.chinatax.gov.cn/n810341/n810765/n812193/n812983/c1202387/content.html.

(51.) Tax Control Device for the Golden Tax Project (2006), http://www.csj.sh.gov.cn/pub/xxgk/zcfg/swzsgl/200609/t20060907_284636.html.

(52.) Invoice Management Measures of the People’s Republic of China, art. 23.

(53.) Regulation on Telecommunications of the People’s Republic of China, art. 7; see also Regulation on Internet Information Service of the People’s Republic of China, arts. 4 & 14.

(54.) Changzhou Municipal Measures of Administration of Data Center, art. 15; see also Baoding Municipal Measures of Security Administration of Data Center, art. 15.

(55.) Notice from Langfang Public Security Bureau on Further Implementing Security Measures for Nonprofit Internet Service Providers (2011).

(56.) Regulation on Internet Information Service of the People’s Republic of China, art. 14.

(57.) Provisions on the Technical Measures for the Protection of the Security of the Internet, art. 10.

(58.) Provisions on the Technical Measures for the Protection of the Security of the Internet, art. 9.

(59.) Provisions on the Technical Measures for the Protection of the Security of the Internet, art. 16.

(60.) Regulations on the Administration of Business Sites of Internet Access Services, art. 23.

(61.) Wang Na, “Real Time Monitoring on Computers in Internet Cafe to Be Installed within the Year” (2006), http://www.china.com.cn/zhuanti/2006/wldd/txt/2006-05/14/content_6208216.htm.

(62.) Interim Measures for the Trading of Commodities and Services through the Internet, art. 30.

(63.) Ibid. art. 29.

(64.) Measures for the Administration of Internet E-mail Services, art. 3.

(65.) Collection Template for Email Service found in the compressed file (Retrieved: Mar. 7, 2012), http://huhehaote.cyberpolice.cn/news/2008-10-8-102831.rar.

(66.) Interim Provisions on the Administration of Internet Culture, art. 20.

(67.) Interim Provisions on the Administration of Internet Publication, art. 22.

(68.) Provisions for the Administration of Internet News Information Services, art. 21.

(69.) Management Provisions on Electronic Bulletin Services in Internet, art. 14.

(70.) Several Provisions on Regulating the Market Order of Internet Information Services, art. 11.

(71.) Lea Yu and Xuyan Fang, “100 Million Usernames, Passwords Leaked,” Caixin (December 29, 2011), http://www.caixinglobal.com/2011-12-29/101016125.html.

(72.) “12 Detained or Punished over Fabricating Massive Leak of Online Personal Data” People’s Daily Online (January 11, 2012), http://english.people.com.cn/90882/7701857.html.

(73.) John Markoff, “Surveillance of Skype Messages Found in China,” The New York Times (October 1, 2008), http://www.nytimes.com/2008/10/02/technology/internet/02skype.html.

(74.) For details of the department see http://yq.people.com.cn/service/index.html.

(75.) State Security Law of the People’s Republic of China, art. 26; Criminal Procedure Law of the People’s Republic of China, art. 4.

(77.) Anti-Money Laundering Law of the People’s Republic of China, art. 3.

(78.) The Measures on the Administration of Client Identity Identification and Materials and Transaction Recording of Financial Institutions, art. 3.

(80.) Director’s Speech on Financial Intelligence in 2005 (Retrieved March 7, 2012), http://www.camlmac.gov.cn/com/info.do?action=detail&id=180.

(81.) Administrative Measures for the Financial Institutions’ Report of Large-Sum Transactions and Doubtful Transactions, arts. 7, 8, and 17.

(82.) “A Survey and Suggestion on the Anti-Money Laundering Report System (December 31, 2011), http://www.zjfn.com.cn/infoweb/wnewsdetail.asp?id=3672; see also “More than 50 Million Suspicious Reports Received Annually,” 21st Century Network (December 14, 2011), http://finance.jrj.com.cn/2011/12/14092411827388.shtml.

(83.) See CAMLMAC Introduction (Retrieved March 7, 2012), http://www.camlmac.gov.cn/com/info.do?lmId=15&action=query.

(84.) Measures for the Control of Security in the Hotel Industry, art. 6.

(85.) Shanghai Municipal Detailed Rules for Public Security Administration in Hotel Industry, art. 11.

(86.) See Beijing Wen Tong Technology Co., Ltd., Solution for Hotel Security Information System (2010), http://www.99rfid.com/fangan/NewsList.Asp?DonforType=62800286807201010251610.

(87.) Interim Measures for the Administration of Air Transport Itineraries/Receipts of E-tickets, art. 23.

(89.) Regulation on the Administration of Entertainment Venues, art. 2.

(90.) Ibid. arts. 15, 32.

(91.) Ibid. arts. 25, 32.

(92.) Measures for the Public Security Administration of Entertainment Venues, art. 26.

(93.) GWU Professor Donald Clarke even said, “The courts are not necessarily where you would go to seek justice in China.” This is particularly true if a criminal case, or if public or state security is involved. As noted earlier, courts always accept what the police prepare.

(94.) Guiding Opinion on Construction of E-Government and provincial Informatization § 2.

(95.) Law of the People’s Republic of China on Anti-money Laundering, art. 5; Statistics Law of the People’s Republic of China, art. 25.