Strengthening and improving legislation for the protection of individual privacy in Internet activities was the main focus of the Fourth Annual Forum on City Informatization in the Asia-Pacific Region (CIAPR IV), held earlier this month in Shanghai.

Such measures are vital for the Internet industry to develop rapidly and soundly, and to coordinate it with the development of the Chinese market economy, attending experts agreed.

Professors Zhang Xinbao of Renmin University of China and Mei Shaozu of the University of Science and Technology Beijing, and Dr. Zhou Hanhua of the Chinese Academy of Social Sciences delivered reports on the challenges posed by Internet development, the protection of rights to privacy and the need for related legislation.

Illegal collection, misuse and trading of individual data are rampant in China, they said, and netizens' awareness of the need for self-protection is low. For example, anyone applying for an e-mail address is required to fill in an application form, and few users question how that information is used.

Zhang Xinbao conducted an investigation that showed that the Chinese versions of main portal websites and commercial websites made their own policies on privacy protection. There are no standards or regulations on which they base these policies, although some do refer to international practice. Still, said Zhang, "they did much better than the government websites in this regard."

Different language versions, even within a single website, employ different privacy protection policies, noted Zhang. The level of privacy protection in the English versions is somewhat higher than that of the Chinese versions.

Currently, the protection of Internet privacy rights mainly depends on industry self-discipline, which all software producers and Internet service providers (ISPs) should utilize, said the experts.

Website operators with low awareness of privacy protection must be made to understand their responsibilities under both civil and criminal law, they agreed. An operator could be charged with violating privacy rights directly or indirectly, such as by publishing information that infringes on those rights.

Moreover, there are many Internet technologies easily used by hackers or by the websites themselves that pose a threat to privacy rights. Typical examples of this "spyware" are cookies and Trojan horse software.

A cookie is a simple program used by almost all websites to record users' web activities. The experts suggested that laws should be enacted requiring that websites disclose their use of cookies and restricting their uses. Trojan horses are security-breaking programs disguised as something benign: for example, a user downloads a file that he or she desires, but when the file is opened it unleashes a dangerous program that erases the computer's hard drive, sends the user's credit card numbers and passwords to a stranger or lets the stranger hijack the computer for illegal uses. Software like this, said the experts, should be strictly forbidden.

At present, to promote growth of the Internet industry amid an internationally competitive environment, Chinese lawmakers have shown a comparatively tolerant attitude toward Internet privacy protection. Service providers and operators will not be punished unless they make a very serious "mistake." But experts at the forum expressed their hope that China will learn from the experience of foreign countries in this regard and improve the protection of Internet privacy rights.

In 1986, for example, the US Congress passed the Electronic Communications Privacy Act, which enumerates situations, exceptions and responsibilities with regard to illegally obtaining, accessing and divulging communications information and other matters of individual privacy. In October 1997, the Clinton administration issued a report entitled "Framework for Global Electronic Commerce," in which protection privacy, particularly that of children, was set out as a basic principle. It endorsed private efforts to create self-regulatory privacy protection systems, stating that consumers should be informed of what is being collected and how it will be used so they can bar or limit reuse of personal data.

In 1999, the European Union issued the "Guidelines for the Protection of Individuals with Regard to the Collection and Processing of Personal Data on Information Highways" and the "Recommendation on Invisible and Automatic Processing of Personal Data on the Internet Performed by Software and Hardware." These measures provided users and operators/service providers with the principles for protection of privacy and formed the basis for a unified system of enforcement.

(China.org.cn by Li Jingrong, May 28, 2004)