On November 7, 2017, the Standing Committee of the National People’s Congress of China published the second draft of the E-commerce Law (the “Second Draft”) and is allowing the general public an opportunity to comment through November 26, 2017.
The Second Draft applies to e-commerce activities within the territory of China. One significant change from the first draft is that the Second Draft omits the first draft’s definition of “personal information” of e-commerce users and the detailed requirements concerning the collection and use of personal information of such users. Instead, the Second Draft would require that, when collecting and using personal information of users, e-commerce operators comply with rules established under the Cybersecurity Law of China and other relevant laws and regulations.
Pursuant to the Second Draft, e-commerce operators would be required to provide users with clear methods and procedures for accessing the users’ information, making corrections or deleting the users’ information, or closing user accounts. Also, e-commerce operators would be restricted from imposing unreasonable conditions on users when they request access, correction or deletion of information, or closure of their accounts.
The Second Draft also would require operators of e-commerce platforms to adopt measures, technological and otherwise, to protect network security, and to adopt contingency plans for cybersecurity incidents. In the event of an actual cybersecurity incident, an operator of an e-commerce platform would be required to immediately put its contingency plan into action, take remedial measures and report the incident to the relevant authorities.