Gabriela Kennedy, Partner, and Joshua Woo, Registered Foreign Lawyer (Singapore), Mayer Brown, summarise the CAC’s recent draft regulations, which are aimed at strengthening government control over the news, protecting the rights and interests of internet users – including minors – and reinforcing national security and public order.

On 2 March 2022, the CAC issued draft regulations on the administration of internet pop-up push notifications (Draft Regulations). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law of the People’s Republic of China. 

The Draft Regulations were designed to further tighten government control over the news following a human trafficking controversy that erupted on Chinese social media after a woman was found chained by the neck in Xuzhou last month, as well as the invasion of Ukraine. 

However, the regulations also address other aspects of push notifications – including prohibition of algorithmic models that profile minor users and encourage user addiction. This is in keeping with the Chinese government’s broader efforts to reduce the influence of Big Tech, and aligns with the recently issued Internet Information Service Algorithmic Recommendation Management Provisions that came into force on 1 March 2022.

The Draft Regulations

Scope of application

The Draft Regulations apply to all owners and operators of operating systems, terminal devices, application software, websites and other such services (Service Providers) that provide push notification services (Push Notification Service Providers) in the Mainland.

Types of prohibited information

Various categories of prohibited information in push notifications include: 

1. Illegal and negative information as defined in the Provisions on Ecological Governance of Network Information Content (the Provisions) that includes content which:

  • opposes the basic principles established by the constitution
  • endangers national security, divulges state secrets, subverts state power or undermines national unity
  • harms national honour and interests
  • distorts, defames, desecrates or negates the deeds and spirit of heroes and martyrs, or infringes upon the names, likenesses, reputations, or honours of heroes and martyrs by insulting, slandering or otherwise
  • advocates terrorism or extremism, or incites the commission of terrorist or extremist activities
  • incites ethnic hatred or ethnic discrimination, undermining ethnic unity
  • undermines the state’s religious policy, or advocates cults and feudal superstitions
  • spreads rumours and disrupts economic and social order
  • spreads obscenity, pornography, gambling, violence, murder or terror, or instigates crimes
  • insults or slanders others, or infringes upon the reputation, privacy and other lawful rights and interests of others
  • uses exaggerated headlines, where the content is seriously inconsistent with the title
  • hypes up scandals, bad deeds and so forth
  • improperly comments on natural disasters, major accidents or other disasters
  • contains sexual innuendo, sexual provocation or other such elements that are likely to cause people to have sexual associations
  • displays bloody, frightening, cruel or other such acts that cause people physical or mental discomfort
  • incites crowd discrimination, regional discrimination and so forth
  • promotes vulgar or kitsch content
  • uses content that might cause minors to imitate unsafe conduct or conduct that violates social morality, or which induces minors to have bad habits and so forth
  • other content that has a negative impact on the network ecology, or
  • other content prohibited by laws or administrative regulations.

2. Information that violates public order and good customs, such as malicious speculation, entertainment gossip, extravagance and ostentation of wealth, and distasteful information. 

3. Information that maliciously stirs up old news.  

4. Content that hypes up sensitive events, exaggerates vicious content and disasters, and incites social panic. 

Push notifications containing news reports are required to adhere to additional rules, including a requirement for the source of news to come from the list of 1,358 government-approved news sources published by the CAC in October 2021. 

This means that news reports from unlicensed sources such as private institutions and individuals cannot be included in push notifications. 

Accordingly, Push Notification Service Providers need to ensure that push notifications of news reports do not alter the original meaning and content of sanctioned headlines, and are traceable to the original source. 

They are also required to obtain approval from the relevant source before publishing news content in push notifications. 

Collectively, these prohibitions are very broad and enhance the risks of breaching the law when pushing prohibited news-related notifications – or information that may be construed to fall within the above categories.

Responsibilities of Push Notification Service Providers 

Push Notification Service Providers will be required to put additional processes in place in order to comply with the Draft Regulations.  

One such requirement is for them to set up a manual review system to analyse screening, editing, pushing of content and other related work processes. Together with the content prohibitions highlighted in ‘Types of prohibited information’, above, they have to review the guidelines, policies and processes they have in place when vetting pushed content. 

Push Notification Service Providers are also expected to prioritise user protection and to: 

  • clearly inform subscribers of the content and frequency of their push notifications, as well as how subscriptions to their push notifications can be cancelled
  • refrain from differentiating between ordinary users and users who are members when determining the frequency of their push notifications
  • not interfere with users closing pop-up push notification windows
  • clearly display the identity of the relevant Push Notification Service Provider in push notifications
  • conspicuously mark ‘advertisements’ to notify users of their nature
  • allow notifications for advertisements to be closable with one click
  • prohibit push notifications that contain links or QR codes to third-party sources, and
  • establish complaint and reporting avenues.

The Draft Regulations also provide further guidance on the use of algorithmic models for push notifications, in concert with the Internet Information Service Algorithmic Recommendation Management Provisions that came into force earlier in March. 

This prohibits Push Notification Service Providers from using algorithms that induce users to consume excessively or to violate laws and regulations, and which are not ethical, and from abusing personalised push notifications such as leveraging algorithms to block or over-recommend information. 

To protect minors, algorithms must not be abused to target minors or to subject minors to information that adversely affects their physical or mental health.

Penalties

Penalties under the Draft Regulations include warnings, fines, suspension of push notifications and even suspension of business operations.

Conclusion 

The Draft Regulations apply not just to news organisations, but to all Push Notification Service Providers – including any service providers with a mobile application, such as shopping centres, banks, gaming companies, food delivery companies and so on.  

In summary, all companies with websites accessible in the Mainland, or mobile applications downloadable from PRC mobile application stores, should review their use of push notifications and associated policies, processes and guidelines. 

Gabriela Kennedy, Partner, and Joshua Woo, Registered Foreign Lawyer (Singapore) 
Mayer Brown 

Copyright © Mayer Brown March 2022 

The authors would like to thank Vanessa Leigh, Trainee Solicitor at Mayer Brown, for her assistance.