16 November 2017
The National People’s Congress (‘NPC’) announced, on 7 November 2017, that the NPC Standing Committee had issued a second draft of the Electronic Commerce Law (‘the Draft’). The Draft applies to e-commerce activities that encompass domestic and cross-border trade over electronic networks and addresses the utilisation and protection of e-commerce data and information, customer protection, data and privacy protection and fair competition. In particular, it significantly expands the obligations of operators by referencing the Cybersecurity Law of 2016 in the context of collecting and using the personal information of e-commerce users.
Michael Tan and Lynn Zhao, Partner and Associate respectively at Taylor Wessing LLP, told DataGuidance, “As we know, 11 November is the day of the the big online shopping festival in China. In our view, apart from the NPC’s internal legislative plan, another reason why the NPC chose to issue the Draft right before 11 November would be to trigger more attention and discussion around e-commerce operators and consumers.”
The NPC published its first draft of the Electronic Commerce Law on 26 January 2017, amidst various laws and regulations being enacted by different authorities that affected the Chinese e-commerce market. The first version was submitted as the first comprehensive law in relation to e-commerce. Following a consultation, the NPC has promulgated the Draft for discussion to further regulate China’s online consumer market.
After the Draft has been passed, e-commerce operators will need to strictly inspect and adjust their operations to ensure compliance
Tan and Zhao highlighted, “The initial draft listed some obligations for e-commerce operators in relation to the [protection of personal information]. The Draft will replace such provisions with a simple reference to the data protection clauses under the Cybersecurity Law, effective as of 1 June 2017. Moreover, it will require e-commerce operators to provide users with clear methods and procedures for accessing, correcting and deleting users’ information or closing user accounts, and prohibits them from imposing unreasonable conditions on users for these actions. Through this provision, the Draft will provide a more strengthened protection of the personal information of e-commerce users than the first draft […] We would expect that, after it has been passed, e-commerce operators will need to strictly inspect and adjust their operations to ensure compliance with the law.”
The Draft also proposes to strengthen consumer protection in e-commerce by prohibiting fraud, such as manipulating positive comments on products and services and posting misleading descriptions. Moreover, it modifies marketing requirements to oblige that the word ‘advertisement’ be displayed next to the commodities or advertised services in a prominent position.
Xun Yang, Of Counsel at Simmons & Simmons LLP, concluded, “I believe that the Draft, if passed, would be good news for [consumers and] most online shops because it would drive away online operators that sell products or services by posting fraudulent or misleading information, particularly because consumers heavily rely on product/service descriptions and transactional histories when purchasing online. E-commerce has developed very rapidly in China, which has given birth to giants such as Alibaba and JD.com. The Government does not intend to regulate e-commerce businesses too much in order [to avoid] restricting their development.”
CLAUDIA STRUGNELL | Junior Privacy Analyst