Recent Regulatory Requirements in The Field of Information Protection
The relevant regulatory authorities recently issued several drafts and notices to strengthen regulatory requirements in the field of information protection. These were about regulating financial marketing activities, protecting financial consumer rights, and strengthening the security management of financial mobile application software. Below are the main relevant laws and regulations. On December 27, 2019, The People’s Bank of China (“PBOC”) issued the Implementing Measures of the People’s Bank of China for the Protection of Financial Consumers’ Rights and Interests (Draft for Comments) for public consultation. The Draft provides clarification regarding information collection, disclosure and notification, usage, management, storage and confidentiality, deletion and correction, cross-border transmission, and outsourcing service management, and further strengthens the right to know and the right to information autonomy. In addition, the Draft specifies the requirements for cross-border transfer of consumer financial information which adopts two major conditions, i.e. the information should in principle be stored domestically, and the recipient should be an affiliate of the financial institution. In the second half of 2019, the PBOC issued the Notice on Issuing Financial Industry Standards and Strengthening the Security Management of Finance Client-side Mobile Application Software (“Financial App Notice”), and also released the financial industry standard Mobile Financial Client-side Application Software Security Management Specifications (JR / T 0092-2019, “Specifications”). The Financial App Notice requires financial institutions to strengthen the security management of financial Apps. On December 20, 2019, the PBOC, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, and the State Administration of Foreign Exchange, jointly issued the Circular on Further Regulating Financial Advertising and Promotional Activities (the “Marketing Circular”). From the perspective of preventing the misuse of the personal information of financial consumers and protecting the legitimate rights and interests of financial consumers, the Marketing Circular puts forward specific requirements for financial marketing activities.