Editor's note: While the Internet offers great opportunities for businesses due to the extensive range of customers, copyright piracy is a global challenge for content providers. In addition to protecting their own content, businesses are also challenged by the protection of customer data in today's online world. How do rights holders effectively protect copyrighted works in China? Given the fact that in China most websites do not have a formal privacy policy, how do Internet users expect the Chinese legal framework to protect their personal privacy?

Richard W. Wigley, a consultant of King & Wood's IP Litigation Group in Beijing, gives a comparison of laws and practices in China and the United States on copyright enforcement and privacy protection over the Internet.

China Business Weekly will publish the article in the following weeks. Wigley introduced China's copyright protection situation in previous parts of the article. Below is the fourth part of it and he will talk about protecting online data privacy in China.

Some minor changes have been made to the author's original article for editorial purposes. The views expressed here are the author's own.

When online businesses in China look to monetize their content, gaining personal data on consumers is crucial in effective marketing of products and services over the Internet. Though there may be limited implementation of online privacy policies by Chinese websites, Chinese online citizens still, to varying degrees, have expectations of personal privacy as they traverse the Internet.

These expectations may seem reasonable as various aspects of personal privacy are protected under the Constitution of the People's Republic of China. Specifically relating to individual correspondence, Article 40 of the Constitution provides that personal correspondences are protected by law. For electronic correspondences, such as those on the Internet, these are protected under Section 7 of the Regulations on the Administrative and Protection of Computer Information and Network Security (Network Security Regulations). That said, however, under Sections 8 and 13 of Network Security Regulations, online service providers must turn over relevant personal data to government authorities when illicit activities are suspected.

Under the 14th Amendment to the US Constitution, citizens are guaranteed the right to personal privacy. This right, however, in relation to online data privacy is not overly regulated and protection is somewhat limited. Outside of online communications of minors (Children's Online Privacy Protection Act or COPPA) and protection of health care records (Healthcare Insurance Portability and Accountability Act or HIPPA) there exists limited statutory protection for the privacy of online data. Additionally, in regards, to HIPPA, Candeub notes that "patients whose HIPPA rights are violated have no real recourse", as, though "thousands of complaints" have been made over the history of the statute, only a "handful of fines" have been issued.

Additional privacy protection can, however, be found at the State level, such as the State of California with its Online Privacy Protection Act (OPPA). This Act defines strict guidelines which require that websites have prominently displayed and well-defined privacy policies and, perhaps most importantly, the Act applies to any website that collects personal data from a citizen of the State of California. Such Acts, in concert with Federal regulations give online citizens a certain expectation of data privacy protection.

Similar to the power given to the government in China to have access to personal Internet correspondences under the afore-mentioned Network Security Regulations, in the United States the Electronic Communications Privacy Act (ECPA), though protecting oral and electronic communications made via communications networks, gives the government the right to subpoena personal e-mails when it can show probable cause in relation to a crime being committed. The latitude of the US government to subpoena personal e-mails was later expanded with the enactment of the Patriot Act. Unlike the Regulations in China, however, the ECPA provides extensive statutory protections of personal communications over the Internet and, as such, provides a sound legal basis for protection of said rights.

There are, however, ongoing efforts within China to draft a personal data protection law, which would provide protection against misuse of personal information both on the Internet and in off-line activities. This effort is led by Professor Zhou Hanhua of the China Academy of Social Sciences (CASS) and the work group is expected to release a draft of said law in 2008.

Sensitive/inappropriate material

All websites inevitably must monitor the content contained therein to ensure that it complies with standards of decency and the relevant laws and regulations. In China, what content is considered unacceptable is defined under Article 15 of the Administration Procedures for Internet Information Services (Services Procedures). Included is information which "opposes the Constitution", "compromises State security", "harms the dignity or interests of the State", "incites ethnic hatred or racial discrimination", "sabotages State religious policy", "disseminates rumors", "disturbs social order", "propagates obscenity, pornography, gambling, violence or incites the commission or crimes", "insults or slanders a third party or infringes upon the lawful rights and interests or a third party" or conflicts with other laws or regulations. The duty to report such violations is noted in Article 16 of the Services Procedures, but the liability of the website operator for copyright infringement is protected under the afore-mentioned Safe Harbor provisions of the Copyright Procedures, subsequent to a timely "takedown" of the offending content.

The oversight of website content is not limited to website operators, however, as Article 18 of the Services Procedures allows the State broad license to "supervise and administer the content of Internet information". The Ministry of Culture claims the right to oversee Internet content under its publication in 2003 of the Interim Rules for the Administration of Internet Culture. Article 17 of these Provisions outlaws similar contents, as seen in the aforementioned Procedures, while Article 18 imposes civil liability on those entities which post said content. As with the Services Procedures, Article 20 of the Provisions removes liability for those websites that remove said content in a timely manner, but they must keep records of the offending content.

In the US, the Communications Decency Act or otherwise known as Title V of the Telecommunications Act of 1996 defines the standards for what constitutes "indecency" on the Internet and the relevant regulations.

In regards to providers of Internet services, Section 230 of Title V notes that it is the "publishers" of the offending content and not the service providers who will be held liable for the offending acts. Because the right to freedom of speech is upheld by the US Constitution, only that material which is deemed to be patently offensive will be viewed as indecent and, as such, subject to removal and/or penalties. However, for those individuals/enterprises that knowingly transmit such offensive material to persons under the age of 18 years, criminal penalties are applicable.

(China Daily 12/15/2008 page9)