The top legislature on Friday approved rules to enhance the protection of personal information online and safeguard public interests, requiring Internet users to use real names to identify themselves to service providers when signing web access agreements.
The decision on strengthening online information protection, which has the same legal effect as a law, was adopted by lawmakers at the closing meeting of a five-day session of the Standing Committee of the National People's Congress (NPC).
The move is meant to "ensure Internet information security, safeguard the lawful rights and interests of citizens, legal entities or other organizations and safeguard national security and social public interests," according to the decision.
The 12-article decision includes an identity management policy requiring Internet users to use their real names to identify themselves to service providers, including Internet or telecommunications operators.
"Network service providers will ask users to provide genuine identification information when signing agreements to grant them access to the Internet, fixed-line telephone or mobile devices or to allow users to post information publicly," the decision says.
Network service providers will strengthen management of information released by users, the decision says.
Service providers are required to instantly stop the transmission of illegal information once it is spotted and take relevant measures, including removing the information and saving records, before reporting to supervisory authorities, the decision says.
It empowers supervising departments to take technical and other necessary measures to prevent, stop or punish those who infringe on online privacy, requiring relevant service providers to give support during investigations.
Citizens who find network information that discloses their identity or infringes upon their own rights, as well as those who suffer harassment from promotional messages, have the right to demand service providers to delete related information or take other necessary measures to stop such practices, it says.
The decision says authorities will protect digital information that could be used to determine the identity of a user or that concerns a user's privacy.
It bans any organizations and individuals from obtaining people's personal digital information via theft or other illegal means, as well as prohibits them from selling or illegally providing the information to others.
Violators can face penalties, including the confiscation of illegal gains, license revocations and website closures, as well as a ban on engaging in the web-related business in the future, according to the decision.
The decision also specifies norms and duties for network service providers regarding the collection, use and protection of citizen's personal digital information.
Service providers will explicitly state their goals, means and scope when collecting or using information, release related rules and obtain owners' consent before obtaining the information.
Network service providers and other government-sponsored institutions and companies should strictly ensure the privacy of personal digital information, it says.
The decision bans service providers, as well as government agencies and their personnel, from leaking or damaging users' digital information, as well as from selling or illegally providing this information to others.
Network service providers are also responsible for taking measures to ensure the safety of information during business activities and adopt countermeasures when information is leaked, damaged or lost, it says.
To tackle surging public complaints regarding spam messages, the decision bans any organization and individuals from sending commercial digital information to fixed-line phones, mobile phones or personal email addresses without consent.
The decision also encourages the public to report illegal activity involving online information to supervisory departments.