It was a good idea, I suppose. China’s Ministry of Industry and Information Technology (MIIT) felt compelled to respond after the recent ugly battle between rival domestic firms Tencent, which runs the mega-popular QQ instant messaging platform, and Qihoo 360, an anti-virus software company. The fight, which was getting out of control and threatened to leave many users of both products without effective anti-virus protection, ended when the government stepped in late last year.
The kerfuffle started with this:
At the end of September 2010, Qihoo 360 accused Tencent’s QQ instant messaging software for leaking users’ private data, and then launched privacy protection software targeting QQ. This became the fuse of the war between Qihoo 360 and Tencent. Since then, Tencent has published statements for several times, stating that Qihoo 360’s action is malicious slander and a violation of business rules.
The Chinese Internet media and e-commerce firm Tencent . . . announced that it will shut down its instant messaging service QQ on computers that installed the anti-virus software run by Qihoo 360, marking the escalation of the war between the two software giants in China.
Tencent said in a statement popping out on screens of QQ users that 360 Safe recently launched a new service, which allegedly hijacks QQ’s security module and affects the normal functioning of QQ. With 360 Safe installed, Tencent will not be able to protect the accounts of users, the company states. Therefore, to avoid the computer desktops of users being turned into a battlefield, it has made this “hard” decision.
The crap was flying in large volumes there for a while there before the government intervened. Apparently the MIIT believed that it wasn’t enough to stop this particular war, but that a more systematic approach was called for. Enter the new draft regulations.
Quick disclaimer at this point. To make things easier for blogging, I’m working off of English-language press reports and English excerpts from Marbridge Consulting. The official draft regulations are only in Chinese at this point, as is the case with all new laws, so if you are looking for a complete English version, you’ll have to wait a while.
The first problem I have with this new regulation is the timing. The spat between Tencent and Qihoo was very recent, and there simply hasn’t been sufficient time for MIIT to come up with a good piece of legislation in this complicated area of the law. Perhaps some of the language had been sitting around on someone’s desk at MIIT for the past couple of years, but it’s very clear that these rules are being peddled as a direct response to the Tencent-Qihoo fight. Take a look at the lede in the China Daily writeup:
China’s Ministry of Industry and Information Technology (MIIT) Friday unveiled a draft regulation intended to deter unfair competition on the Internet after a spat between China’s two top Internet firms, Tencent and Qihoo 360, triggered a public outcry last year.
A lot of great legislation has been written as a response to market disruptions, so I’m not saying that this by itself is a bad thing. However, agencies really shouldn’t pull the trigger on new laws with this sort of rapidity.
At the risk of coming off sarcastic (perish the thought), I believe some calm reflection, study and debate might be called for before circulating a first draft. Yes, the draft will eventually be revised after comments are received, but an agency should not just throw out the first thing that leaps into their minds and hope that the drafting and revision process fixes it in the end.
Anyway, that’s my problem with the process. I also think the content of the new regulation leaves a lot to be desired. Let’s take a look at some of the language (thanks again to Marbridge for these English excerpts).
The press here in China has reported these new rules as focusing on Internet unfair competition. The headline from China Radio International hits this note directly: “China Drafts Rule Against Unfair Competition in Cyberspace,” while Shanghai Daily states that this is “a new draft to regulate the information service industry and ban unfair competition.” The actual name of the regs is not particularly helpful in determining legislative intent: Provisional Regulations for Maintaining the Social Order of the Online Information Services Market; on the other hand, the use of “social order” does suggest that the Tencent-Qihoo spat made a lot of people very uncomfortable.
The actual language of the rules is a strange amalgam of unfair competition, data privacy and defamation, and in this sense fails as a robust, standalone piece of legislation. It also is a strange hybrid of both general prohibitions that could apply to a large number of IT firms as well as very specific restrictions that seem to have been developed from the Tencent-Qihoo situation.
Article 6 of the draft regulations reads a lot like the Unfair Competition Law and includes, among others, the following prohibitions:
1. Disseminating false information or malicious rumors about competitors’ legal products or services that damages the reputation of the competitor or its products;
2. Offering products that are incompatible with competitors’ products without reasonable grounds or authority;
These acts are obviously covered by existing laws. That first restriction on defamation is also covered to some extent by the Anti-unfair Competition Law, the Civil Law, and the new Tort Liability Law. The Consumer Law also would give rise to third-party claims for these acts. Suffice it to say that these new regulations tread on some very well-traveled legal ground.
That being said, the draft regulations also deal with some very new issues that the law does not, as yet, address. Data privacy and security is one area that has suffered from a lack of legislation for many years, and the new rules contain several related provisions:
Article 12 prohibits online information service providers from collecting or storing users’ personal data. If private data is required for identification or needed for the service to operate, then the user must be clearly informed as to the content and purposes for which the data will be used.
Article 13 states that providers are legally responsible for keeping users’ personal data confidential and should increase system security accordingly. No organization or individual should have access to said data except for legal purposes.
Article 14 requires providers to guarantee the security of user data (including documents, images, music, videos, etc.) and guarantee users’ rights to modify or delete said data at any time.
We’ve been waiting for that sort of language for a long time, but in the form of a data privacy regulation, not this complicated intermingling of several areas of the law.
There are three reasons why this hodge-podge is a bad way to go. First, there are bound to be turf battles, something that MIIT seems to be drawn to for some reason. For example, the State Administration of Industry and Commerce (SAIC) has broad authority over the actions of companies, including unfair trade practices. Setting up the MIIT as a competing regulator is a recipe for confusion.
Second, these new rules jump the queue of legal reform that other agencies and the central government have been working on for some time. Over the past couple of years, we’ve had a new wave of reform of China’s intellectual property laws, starting with the Patent Law and soon to be followed by revisions to the Trademark Law in the immediate future. The Copyright Law will probably be next, and a lot of folks have already made noises that the Anti-unfair Competition Law should also be made a priority. MIIT should think long and hard before wading into this area with overlapping rules.
Third, the new rules might end up putting the brakes on, or at least complicate, legislative efforts in related IT areas. For example, a standalone data privacy law would seem even less necessary following promulgation of these rules than it is now. I would much rather see MIIT develop a well thought out set of regulations that deal comprehensively with data privacy issues than to see the issue pop up as merely one area of concern for a narrow type of Internet company dispute.
So what should be done going forward? Three recommendations:
1. Dump the broad unfair competition language and leave that to the next iteration of the Anti-unfair Competition Law. MIIT can, and should, put its own opinions forward on that front when the time comes.
2. Get rid of the defamation provisions. China law in this area is already confusing and unsettled, particularly with respect to online defamation, and this would needlessly complicate matters.
3. Take out the data privacy language in favor of a standalone data privacy regulation. The danger with that of course is that we end up with nothing at all on data privacy, but I’d be willing to take the chance if it means some movement on an issue that has been stagnant for many years.
4. Leave in the specific, Net company restrictions that inspired this whole thing to begin with. Here’s a good example:
Article 9 further protects user rights by prohibiting providers from:
1. Installing, operating, upgrading, or uninstalling software on user devices without consent, or compelling or misleading users into using the provider’s services;
2. Failing to include an uninstall option, or leaving executable code or other documents on the user devices after uninstallation;
This type of restriction/mandate is quite narrow and is squarely within the authority of MIIT. Go with your strengths and leave the rest out before you make the lives of numerous agency staff, judges and IT lawyers miserable.