The emergence of the E-commerce law in a mature market

With the e-commerce law now fully effective, what is expected next? First, we will see how e-commerce platform operators will cooperate with e-commerce operators to protect IP rights and crack-down on illegal activities.

Published on 31 July 2018 and effective since 1 January 2019, the e-commerce law was in 2018 the main law to follow in Mainland China for businesses with online activities in relation with the e-commerce ecosystem, whether it be the operation of an e-commerce platform or the operation of an e-commerce shop. Direct successor of the Administrative Measures for Online Trading (The Measures) published by the State Administration for Industry and Commerce on 26 January 2014, the e-commerce law is meant to enhance regulating the e-commerce ecosystem and to provide guidance on how the Mainland China digital economy should steer. Among the new provisions of the e-commerce law, we will in this article focus on data protection, cybersecurity, taxation and intellectual property protection that are a neat addition to the Measures.


Where is data protection?

The lack of dedicated provisions on data protection in the e-commerce law can, at first sight be unsettling. After all, Article 18 of the Measures was already providing that online e-commerce operators and their staff must strictly keep confidential and may not divulge, sell or illegally provide others with the data and information about personal information of consumers. Considering that data protection for personal information has been on the rise on a global scale during 2018, is the e-commerce law at odd, with this global trend, only relinquishing personal information protection as a general principle under its Article 5?


Data protection, far from being discarded by the e-commerce law, has in fact relegated to other laws and regulations. Article 23 of the e-commerce law states that when collecting and using user’s personal information, an e-commerce operator shall abide by the provisions regarding the protection of personal information, as stipulated in laws and administrative regulations. If this article when taken alone seems vague, we can take a glance at the previous draft of the e-commerce law, in particular its Article 20, to have a clearer idea of what type of law or regulation to look for. When done so, Article 20 refers to the Cybersecurity Law as an example of applicable laws and administrative regulations.


From this it is easy to extrapolate that Article 23 refers to all and any laws and regulations that would provide for the protection of personal information, such as the Cybersecurity Law, the Consumer Law, the Advertisement Law, as well as administrative regulations with data protection provisions. From this angle it makes sense that the e-commerce law does not directly mention the Cybersecurity Law anymore, as it is meant to be paired with more laws and regulations. Solely naming the Cybersecurity Law would have led some e-commerce operators to solely focus on the Cybersecurity Law, missing out compliance with other applicable laws and regulations. Finally, we have confirmation that the e-commerce law Article 23 is still directly intertwined with the Cybersecurity Law through Article 79, directly stating that violations of the protection of personal information in laws and administrative regulations shall be punished according to the laws and administrative regulations such as the Cyberspace Security Law of the People's Republic of China.


Relegating Cybersecurity

An intriguing article in the e-commerce law regards technical measures and other necessary measures that must be taken by e-commerce platform operators to guarantee the safety and normal operation of its network, prevent illegal crimes from being committed online, effectively respond to cyber security events and safeguard the security of e-commerce deals set in Article 30.


Article 79 of the e-commerce law states that where an e-commerce operator refuses to fulfil obligations of ensuring cybersecurity, set out in Article 30 hereof and in applicable laws and administrative regulations, it shall be punished according to laws and administrative regulations such as the Cyberspace Security Law of the People's Republic of China. While the subject of this article seems to have switched from an E-commerce platform operator to an e-commerce operator, the fact that it binds together Article 30 with the Cybersecurity Law is undeniable.

It allows us to determine that a company, whether e-commerce operator or e-commerce platform operator, to comply with Article 30 of the e-commerce law must comply with the various requirements of the Cybersecurity Law on cybersecurity. Among which is the compliance with the MLPS framework that is currently being drafted by the Ministry of Public Security.


To be kept updated on cybersecurity requirements, we strongly suggest following the development of the draft Guideline for Internet personal information security protection which is meant to impact personal information lifecycle processes in conjunction with the Cybersecurity Law, the first draft of which was released on 30 November 2018.


Regulation and taxation

Perhaps as expected, the e-commerce law adds provisions on the taxation of E-commerce operators that were lacking in the Measures. All E-commerce operators should now register themselves as market subjects and fulfil their tax obligations as per Article 11, although some operators can be excluded from this obligation under Article 10 if they belong to any of the following categories:

  • „ sell self-produced agricultural and sideline products 
  • sell family handicrafts 
  • are individuals taking advantage of their own skills to engage in labor activities for the convenience of people and odd small-amount transaction activities that do not require any license under the law 
  • other circumstances under which no registration is required under laws and administrative regulations


Interestingly, E-commerce platform operators have a supporting role to play in the taxation of E-commerce operators. As per Article 28 they are required to actively warn E-commerce operators that have not registered themselves as market subjects about handling such registration. They need also to cooperate with the department for market regulation in providing convenience to E-commerce operators for their market subject registration.


Together, these articles form an effective double-edged obligation to greatly reduce the amount of non-registered e-commerce operators. By ensuring that each and every e-commerce operator is made aware of its obligations under law and by the e-commerce platform operator on which its business is engaged, the law ensures a greater amount of registration of e-commerce activity and thus, a higher amount of collected taxes.


Pushing intellectual property protection forward

The e-commerce law through Articles 41 to 45 brings intellectual property protection concerns directly under the supervision of the E-commerce platform operator. With potential fines between RMB 50,000 and RMB 500,000 or when an infraction is considered serious, between RMB 500,000 and RMB 2 million as per Article 84 for E-commerce platform operators not willing to cooperate on the protection of intellectual property.


First an e-commerce platform operator ought to set in place rules on the protection of intellectual property rights and strengthen its cooperation with intellectual property right owners as per Article 41. Such cooperation could take multiple forms, like a pro-active approach to IP rights protection through the use of IP infringement seeking algorithms. However, the e-commerce law directly provides for a few cooperation channels that are mandatory and to which the E-commerce platform operator can add a supplementary layer. For example, an E-commerce platform operator is by Article 45 required to take necessary measures, such as deleting or blocking relevant information, disabling relevant links and terminating transactions and services when informed that an e-commerce operator is infringing intellectual property.


It is an interesting approach to IP protection, where the e-commerce law provides IP owners with direct remediation means through the e-commerce platform. Although implementation remains to be observed, this new cooperation and complaint channel could greatly bolster practical IP protection in Mainland China.


What is next?

With the e-commerce law now fully effective, what is expected next? First, we will see how e-commerce platform operators will cooperate with e-commerce operators to protect IP rights and crack-down on illegal activities. It will also be interesting to follow how e-commerce platform operators will cooperate with the State on the establishment and use of a public data sharing mechanism as described under Article 69 and how it could, in the future, synergize with the expected Social Credit Score.

For more information, please contact us:

Dr. Zhong Lin

Managing partner

Chen & Co. Law Firm

Direct: + 86 21 2228 8358


Galaad Delval

Data protection officer, CIPP/E

Chen & Co. Law Firm

Direct: + 86 21 2228 8330


All files