Except in cases where, to meet the needs of State security or of criminal investigation, the public security or procuratorial organs are permitted to censor correspondence in accordance with the procedures prescribed by law. Although the Constitution does not specifically address the protection of privacy or personal data protection, it acknowledges the privacy of communication and safeguards the personal privacy generally.
In the General Principles of the Civil Law, privacy has not been stipulated as an independent right yet. In 1998, the Supreme Court promulgated a judicial interpretation named Opinions on Several Questions Concerning the Implementation of the General Principle of Civil Law, in which breach of privacy is treated as defamation. However, while privacy is one of independent civil rights, the indirect way of protection is not complete and comprehensive.
The seventh amendment of the Criminal Law, entered into force on 28 February 2009, imposes criminal liability on any staff member of an entity or a state organ who sells or illegally provides personal information of citizens, collected during the said organ’s or entity’s performance of duties or provision of services. This amendment generally applies to financial, telecommunicational, transportational, educational, medical and other sectors relating to personal information. If the circumstances are serious, the person who misappropriates personal information shall be sentenced to fixed-term imprisonment not more than three years of criminal detention, and/or be fined.
Apart from the protection of personal information regulated in basic laws, a series of legislation has been enacted to secure the privacy protection on the Internet, such as Measures for the Administration of Protecting the Security of International Connections to Computer Information Network (1997), Regulations of the Administration of Internet Information Services (2000), Interim Measures for the Administration of the Basic Data of Individual Credit Information (2006) and Measures for Administration of E-mail Service on Internet (2006).
Specifically, the Ministry of Industry and Information Technology (MIIT) issued a new regulation to protect personal data named Several Provisions on Regulating Market Orders of Internet Information Services. The Provisions entered into force on 15 March 2011, which appears to subsume two measures previously promulgated by MIIT: the Interim Measures for Supervision and Management of the Internet Information Service Market (12 January 2011), and Administration Provision on Internet Information Services (27 July 2011). Then, the MIIT released the Guidelines for Personal Information Protection within Public and Commercial Services Information Systems on 21 January 2013. Before 2011, the enactment of several regulations on protecting personal data, existing legal instruments in China were inadequate to provide a proper data protection level for the Chinese People, and a high-level, comprehensive and effective data protection act was required (Kong, 2010).