On 2 January 2019, the Ministry of Public Security of the People’s Republic of China (MPS) issued the Rules on Collection of Electronic Data by Public Security Bureau When Handling Criminal Cases (MPS Rules). The MPS Rules took effect on 1 February 2019.
We previously issued an alert on the Rules on Electronic Data Collection,Extraction and Review in Criminal Cases (Electronic Data Rules) promulgated in September 2016. The Electronic Data Rules consolidated the rules regarding electronic data collection and set out the powers of three authorities (public security bureaus (PSB), procuratorate offices and the courts) on the collection, extraction, review and transfer of electronic data. The MPS Rules do not supersede the Electronic Data Rules but instead modify and clarify the powers and procedures of the PSB for data collection in criminal cases.
1. Narrowed scope of extractable online data – The MPS Rules specify the scope of online electronic data that can be extracted by the PSB in criminal cases. The PSB cannot collect and extract data from outside China unless such data is already in the public domain.
2. Use of evidence collected by other government authorities – The PSB may use electronic data collected and extracted by other government authorities in their investigations and enforcement of administrative cases as evidence in criminal cases.
3. Assistance from technical personnel – The MPS Rules allow government investigators to appoint or engage third-party professional technical personnel to collect and extract data under the investigators’ direction and instruction.
What it means for companies in China
A significant development in the MPS Rules is the removal of the PSB’s ability to collect overseas electronic data for criminal cases.
The Electronic Data Rules explicitly allow Chinese authorities to collect and extract electronic data which original storage medium is located outside China or on a remote computer information system through online extraction. The relevant provisions authorize Chinese authorities to access data stored in offshore systems when conducting criminal investigations. This has caused data security concerns for multinational corporations operating in China as they regularly need to exchange data or information with their overseas offices. However, the modification in the MPS Rules only applies to collection of data by the PSB in criminal cases and excludes data already in the public domain. As the Electronic Data Rules are still effective, it is still possible for the Chinese authorities – especially authorities other than the PSB – to collect overseas electronic data through online extraction.
Although the PSB’s ability to collect online evidence now excludes overseas data, other changes brought on by the MPS Rules strengthen the PSB’s investigation powers. The PSB is now able to use electronic data collected by other government authorities in criminal cases. For example, according to the Interim Provisions on Procedures for Imposing Administrative Penalties in Administration for Market Regulation issued by the State Administration for Market Regulation on 21 December 2018 (effective on 1 April 2019), the Administrations for Market Regulation (AMR) are entitled to collect electronic data in law enforcement activities through various methods such as data imaging, photographing, and video recording. This means that the PSB can effectively use the data collected by AMR in bribery-related investigations as evidence in criminal proceedings.
The PSB's powers are also enhanced by the ability to engage professional technical personnel. This will assist PSB investigators in gaining a better understanding of a target company's IT system and data storage practices. As a result, we expect that this will allow PSB investigators to locate relevant electronic evidence more effectively and efficiently.
Actions to consider
The above changes present a timely opportunity for companies doing business in China (in particular, multinationals with local subsidiaries) to consider the following actions:
- Review internal policies relating to electronic data (e.g., IT usage, data storage and document retention) and assess any potential impact brought by the MPS Rules.
- Update relevant personnel on the new developments in the MPS Rules and provide training on how to respond to data requests by government investigators.
- Seek legal advice before submitting data as evidence in any government investigations (including investigations initiated by administrative authorities (e.g., commercial bribery investigations by the AMR).
- When facing criminal investigations by the PSB, be prepared to involve IT experts to understand and facilitate the requests and steps taken by the investigators and their appointed external technical personnel.
- Closely monitor the data collection activities by the government investigators in both criminal and administrative investigations, if possible.
- Review internal policies and implement training on how to be prepared for dawn raids and investigations by government authorities.