By Jerry Liu
On June 28th, 2016, PRC State Internet Information Office issued Regulations for the Administration of Mobile Internet Application Information Services (these "Regulations"), which will become effective on August 1st, 2016. These Regulationsaim to strengthen the administration of the mobile internet application ("App") information services, promote the healthy and orderly development of the industry, and protect the legitimate rights and interests of App users, App developers and operators, App stores, and other related individuals and entities.
These Regulations define Apps, App owners and operators ("App Operators"), and App stores/platforms ("App Stores"), and set forth obligations on App Operators and App Stores. These Regulations also empower the national and local levels of Internet Information Offices the jurisdiction and authority to supervise and administer nationwide and local, respectively, App information services.
With respect to App Operators, in addition to requiring the App Operators to obtain all relevant licenses and permits under the applicable laws and regulations, these Regulations also require App Operators to strictly comply with information security obligations, establish and improve the information security protection mechanism for protecting users' right of information and of choice during the installation and use of the Apps, and protect the intellectual property rights. Specifically, an App Operator is required:
(1) to carry out registered users' identity verification by using such means as the users' mobile phone numbers, based on the principle of "real name on the back-end, and voluntary choice on the front-end";
(2) to establish and complete the protection mechanism of the users' information, collect and use the information in a legal, appropriate, and necessary way, and explicitly inform the users the purpose, method, and scope of information collection and use, and obtain the consent from the users;
(3) to establish and complete the content review mechanism, and implement measures, such as warnings, function restriction, upgrading suspension, account closure, and save the records and report to the relevant authorities;
(4) to protect the users' right of information and right of choice, during the installation and use of the APP, and, without explicitly noticing the users and obtaining the users' consent, shall not turn on such functions as geolocation collection, access to the address book, camera, recording, or other functions unrelated to the APP service, and shall not bundle and install other unrelated applications;
(5) to respect and protect intellectual property rights, and shall not produce or release any APP infringing the intellectual property rights of others; and
(6) to record the user log, and keep such information for 60 days.
For App Stores, an App Store must be filed with the provincial level Internet Information Office, within 30 days of its online operation. These Regulations require App Stores to enter into service contracts with App Operators, setting forth each party's rights and obligations, and comply with applicable laws and regulations and platform terms and policies. In addition, these Regulations impose on App Stores obligations to supervise and manage App Operators—specifically, an App Store is required:
(1) to conduct authenticity, security, and legality reviews on the App Operators, establish credit management system, and conduct categorized filings with their local provincial Internet Information Offices;
(2) to supervise and urge App Operators to protect users' information, provide and present to users complete notes on how the App will obtain and use the users' information;
(3) to supervise and urge App Operators to publish legitimate information, establish and complete security review mechanism, and stuff professionals compatible to the service scale; and
(4) to supervise and urge App Operators to publish legitimate Apps, respect and protect the intellectual property right of App Operators.
For any App Operators violating the above provisions, the App Store is required to, based on the seriousness of the violation, take such measures as warning, publishing suspension, and App de-shelfing, and keep records and report to the authority in charge.
Our reading of these Regulations is that they are still very general in nature, and how they are implemented in practice remains to be seen. We will provide updates in due course if and when any implementing measures or rules are released.
