Reed Smith Client Alerts

On November 30, 2018, the Network Security Protection Bureau of the PRC Ministry of Public Security (MPS) published the draft “Guideline for Internet Personal Data Security Protection” for public comments1.

Authors: Amy Yin

This draft guideline applies to all personal data holders, including data controllers and data processors. It provides detailed guidelines on topics such as how to manage personal data and what technical measures and operating procedures should be adopted for personal data protection matters.

Effective from November 1, 2018, China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” (公安机关互联网安全监督检查规定) granted broad powers with the MPS to protect, supervise and administer cybersecurity affairs.

Although the draft guideline does not directly set forth statutory obligations for network operators, it will be used by the MPS as the official guidelines when supervising, administering and inspecting network service providers and online users to check their compliance with the cybersecurity law’s personal data protection requirements and relevant regulations, including national standards for personal data protection.

Currently, the public may submit their comments on the draft guideline by email to or by fax to 010-66262319. The deadline for submitting comments is not specified, but such consultation periods usually last around one month.

1. See

Client Alert 2018-243