Top regulator takes first steps toward safeguarding data

In August, China's top internet regulator issued a guideline on the protection of juveniles' personal information. The move came after a number of cases in which children had been harmed by the release of private data online.

The Cyberspace Administration of China said the guideline is a milestone in safeguarding children's legitimate rights online, because it aims to prevent infringement from the roots, and calls for more bodies and individuals－including government agencies, internet enterprises and parents－to guarantee children's safety, starting with the protection of privacy.

In recent years, China has seen a growing number of cases in which children have been damaged by leaks of personal information online, either intentionally or by accident.

For example, in Anhui province, information about many children, such as names and health status, was leaked by hackers who attacked a hospital's computer system and posted the details on a website.

The media also reported that people had paid 32,000 yuan ($4,584) to access more than 200,000 pieces of information－such as home addresses－related to children ages 1 to 5 in Shandong province.

While some data was inadvertently released by children who had poor awareness of privacy protection when surfing the internet, other information was posted by parents on social media or even gained illegally by hackers, according to Sun Hongyan, an official with the China Youth and Children Research Center.

"Compared with the small number of regulations that focus on the protection of children's personal data, the boom in educational smartphone applications has seen abundant information collected, which poses great risks to the safety of juveniles," she said.

The situation prompted officials to produce the guideline, which for the first time clarifies the responsibilities of internet service providers regarding the collection, storage, use, transfer or disclosure of children's personal information.

It stipulates that online service providers must inform children's guardians about the information they collect or use, and such collection and use must be authorized by the guardians.

Meanwhile, internet service providers are required to formulate their own rules about the protection of minors' personal data and establish departments to ensure it is protected.

The cyberspace administration regards the guideline as the first step toward safeguarding online data security for children.

It said it is working with technology companies and government departments to further study ways of accurately confirming guardians' identities, but stressed that the task is huge.