Answer: Violations of the Personal Information Protection Act may be subject to administrative penalties. At present, the legal database of PKU Law does not publish any administrative litigation cases involving administrative penalties under the Act.
Article 66 of the Act sets out the administrative penalties that companies or individuals who fail to comply with the handling of personal information may be subject to by the Chinese government, including an order to make corrections (i.e. a formal notice requiring corrections to achieve compliance), a warning (i.e. a formal warning of the violation), confiscation of the proceeds of the violation (i.e. the revenue obtained from the violation of personal information protection, most typically the revenue obtained from the operation of the network by software app companies in violation of the regulations ), an order to suspend the use of the application (i.e. a formal notice to stop using the software application), an order to cease operations (i.e. a formal notice requiring the cessation of the company’s production or operations), a fine of up to RMB one million (i.e. a fine imposed by a government department depending on the seriousness of the nature of the violation and the consequences arising from it), and a possible fine of between RMB 10,000 and 100,000 for the individual responsible (i.e. a fine on the company personnel responsible for handling personal information are subject to a personal fine).1Article 66 of the Personal Information Protection Act Where personal information is handled in violation of the provisions of this Law, or where personal information is handled without fulfilling the obligations for the protection of personal information as provided for in this Law, the department responsible for the protection of personal information shall order rectification, issue a warning, confiscate the illegal proceeds, and order the suspension or termination of the provision of services for the application that handled personal information in violation of the Act; if it refuses to rectify the situation, a fine of not more than one million yuan shall be imposed; and the directly responsible supervisors and other persons directly responsible shall be fined not less than ten thousand yuan and not more than one hundred thousand yuan.
China has never had a Personal Information Protection Act in the past, so the awareness of personal information protection is very low from individuals to enterprises to the government. After the implementation of the Personal Information Protection Act, it is likely that the government will take a gradual approach to the enforcement of the Act, with warnings and orders for correction for first-time violators. However, it is important to note that a second violation after an administrative penalty may constitute a criminal offence.
During the transitional period until 31 December 2023, there should be no risk of a violation of the Act for foreign invested companies communicating with overseas personal information recipient. If a contract is still not in place by 1 January 2024, it may constitute a violation. As the level of compliance and enforcement of the Act increases, some government agencies or public utilities should also become more aware of the need to protect personal information. For example, it would now be illegal for some regional government departments to publish the personal photos and ID card information of old scoundrels in places such as bus buses or train stations, or for post offices not to take measures to conceal personal addresses and contact details on individual delivery notes.
Mr. Dong Wang has been in practice for over 20 years, specializing in business law, including employment law, commercial law, company law, and intellectual property law. Mr. Wang has earned respect and trust from his clients due to his professionalism, fidielty, and kindness.
Email: wangdong@royalaw.com
- 1Article 66 of the Personal Information Protection Act Where personal information is handled in violation of the provisions of this Law, or where personal information is handled without fulfilling the obligations for the protection of personal information as provided for in this Law, the department responsible for the protection of personal information shall order rectification, issue a warning, confiscate the illegal proceeds, and order the suspension or termination of the provision of services for the application that handled personal information in violation of the Act; if it refuses to rectify the situation, a fine of not more than one million yuan shall be imposed; and the directly responsible supervisors and other persons directly responsible shall be fined not less than ten thousand yuan and not more than one hundred thousand yuan.