China copyright lawI spoke in Beijing last week at a conference on legal protection of sports broadcasts, organized by the National Copyright Administration of China (NCAC) and the United States Patent and Trademark Office. Other speakers included Chinese judges, Chinese and American lawyers and academics, sports league and broadcaster general counsel, and American and European IP officials. What follows is based on the speech I gave at the conference.

Copyright in sports broadcasts is not explicitly recognized in China by statute, though it has been recognized in some Chinese copyright cases. One of the ongoing debates in China copyright circles is whether explicit statutory recognition ought be given to copyright in sports broadcasts. Any such recognition would involve introducing a new class of copyright subject matter or the expansion of an existing class.

The introduction or expansion of a class of copyright subject matter is often rationalized as limiting free riding and providing an incentive to invest. In the absence of a clear sports broadcast copyright in China, one might therefore expect to find at least some evidence of market failure. However, a quick look at the business of broadcasting certain sports in China indicates a strong market — perhaps even a bubble.

Consider, for instance, Chinese Super League matches. China broadcast rights are, I understand, currently held by an associate of China Media Capital for a five-year term ending in 2021. Rights for the first two years were reportedly acquired for 300 million USD. Rights for years three, four and five were reportedly acquired for a total of one billion USD. In an indication this was a good deal for the head-licensee, Le TV committed to paying 414 million USD for a two-year sub-license, though Le TV subsequently defaulted and, as I understand it, the rights now lie with online TV service PPTV.

Now consider English Premier League matches. China broadcast rights are, I understand, currently held by Super Sports for a six-year term ending in 2020. These rights were reportedly acquired for 65 million USD. Note that this figure represents an assessment of market value made in 2013. For the three years commencing in 2020, PPTV has reportedly bid 700 million USD. This makes China the Premier League’s largest foreign broadcast market.

If these deals are any indication, the market is apparently already behaving as though sports broadcasts are protectable. But there is no proprietary foundation for this protection. The present foundation is contractual. The organizer of the game, a sports league, is the source of all rights in the game. The sports league relies on the “economics of exclusion” — the ability to monetize by controlling access to a sporting venue, in much the same way a theatrical exhibitor of a motion picture controls access to a movie theatre. In some cases, and in some courts, copyright protection has been recognized in China but a consistent jurisprudence has not emerged. The more readily available legal means of protection involve anti-unfair competition laws or the use of administrative or even criminal sanctions. Chinese tort laws and “related rights” laws are also invoked by rights holders when they fight piracy. Whatever the actual or potential legal redress for piracy may be, in assessing the applicable law in China it must be appreciated that a sports broadcast is always a special type of broadcast presenting unique challenges.

What makes sports broadcasts special is that the viewer wants to watch a game as it is played at the venue from which the broadcast is being made. The replay or the highlights are not as valuable as the live feed. The threat posed by illegal downloads after a game concludes is minimal. From a technical perspective, a live broadcast of any kind involves the compression of pre-production and post-production into a seamless and immediate production. That production, and the broadcasting of it, must occur simultaneously. Incidentally, sports leagues report that the advent of hand-held live streaming technology is not a major threat to their businesses because the quality of the stream lacks the production values of a professional broadcast.

The unique challenge of a sports broadcast is that satisfactory relief from a pirated version must be swift. It must be pre-emptive (in advance of the game) or instantaneous (well before the game ends and, ideally, within the first quarter hour). In either case, only urgent injunctive relief can ever be entirely satisfactory. Non-urgent preliminary injunctive relief will not solve the problem, and damages and accounts of profits are insufficient remedies.

Even if sports broadcasts are accorded clear and consistent protection under Chinese copyright law, it is fair to say that uniform urgent injunctive relief (as opposed to preliminary injunctive relief) is still largely beyond the capacity of the Chinese legal system. Therefore, the recognition of copyright in a sports broadcast would not, of itself, solve the underlying need for urgent relief. Still, China’s legal system in its present form does allow rights-holders to tackle repeat offenders, and the large Chinese platforms are already mostly respectful of broadcast rights anyway. In many ways, the real challenges are presented by the smaller, and often ephemeral, pirate sites. Even if these pirate sites can be identified and located, the people behind them nearly always lack substantial assets and are therefore rarely worth pursuing. To be effective in the present environment a sports league (or its local partner) needs a team of Chinese-qualified in-house litigators who understand the piracy landscape and are capable of engaging in guerrilla warfare using technological as well as legal or administrative means.

Despite the existence of these other means, despite evidence pointing to a strong market, and despite the inherent limitations of an action for copyright infringement in China, there is little doubt that explicit statutory recognition of sports broadcast copyright would provide greater certainty and support greater market efficiency. This is especially so if this statutory recognition were given to a broad-based, technology-neutral right embracing traditional broadcasting as well as streaming.

Industry stakeholders are not resisting the recognition of such a sports broadcast copyright. There is apparently a broad consensus among broadcasters and sports leagues on the issue. There is apparently no division between foreign and Chinese interests on this point either. Nor is a sports game sensitive — it is not subject to the kind of censorship, quotas, and approvals processes applicable to motion picture or episodic content. Nonetheless, there is ongoing resistance to the recognition of copyright in sports broadcasts. Resistance has arisen, I understand, because recognition of copyright in sports broadcasts would require the NCAC to change its understanding of the meaning of a copyright “work” and the applicable standards of “originality.” Absent market failure this issue is perhaps not viewed as a major priority. Whatever the reason, until the NCAC resolves this and other current issues it cannot present a coherent solution to the State Council Legislative Affairs Office (SCLAO). The SCLAO is therefore not in a position to recommend final legislation to the National Peoples Congress. The discussion has been bogged down for nearly a decade. All the while, the sports broadcasting industry is getting further and further ahead of the law.

As an important source of or influence on China’s copyright law, the Berne Convention, with its focus on works and authorship, provides a frame of reference for a consideration of the underlying problem in China. China became a party to the Berne Convention in 1992. Berne sets a number of minimum standards applicable to works and authors. A broadcast right is among those rights that must be recognized as exclusive rights of authorization. Authors enjoy the exclusive right of authorizing the broadcasting of their works.

China’s current copyright law has been in effect since 2010. It too applies to “works,” which include, among other things, works of literature, art, natural sciences, social sciences, engineering and technology, which are created in certain “forms.” With the exception of computer software, these forms are limited to specific kinds of works enumerated in the law. The sixth form in the list is “cinematographic works and works created by a process analogous to cinematography.” The ninth and final form in the list is “other works as provided for in laws and administrative regulations.” The rights comprising copyright in these works include the broadcast right. China also recognizes related, neighboring or “small” rights in other subject matter including video recordings. The protection given to these other subject matter is lower than that given to works. The standard of originality expected of a video recording is much lower than that applicable to cinematographic works.

In China, the sports broadcast copyright controversy arises for two reasons. First, because a game of sport is not generally seen as a “work,” so there is no broadcast of a work when a game is broadcast. Second, because even if it is accepted (as it is in the United States) that a broadcast always requires the simultaneous making of a recording, any such recording is insufficiently original to be regarded as a cinematographic work. There is little disagreement on the first reason. The real debate is about the second reason. The competing considerations on this point have been ventilated in the leading Chinese cases. Basically, the debate boils down to whether modern-day live broadcasts, with their professional directors, multi-camera units and advanced editing techniques, are producing content sufficiently original to qualify as a copyright work. It seems obvious to anyone with even a basic understanding of the production process that sports broadcasts are a form of entertainment every bit as sophisticated and entertaining as motion picture or episodic content, the originality of which is already recognized in China.

It will be seen, then, that the minimum standards of Berne, as reflected in Chinese copyright law concerning “works,” are at risk of becoming impediments to the recognition or creation of other copyright subject matter. There is an opportunity here for China to go its own way over and above minimum standards.

Other nations have, of course, gone their own ways and I want to mention two that have found instructive solutions to the problem of “works”: The United States and Australia. Both are obviously common law countries. There are many others, including civil law countries. Incidentally, as a last resort, those who oppose grafting common law principles to the Chinese legal context are fond of saying that German law is the proper source of Chinese copyright law and German law is inconsistent with the common law point of view on the points at issue. The trouble is that claims of this kind are generally made without a German copyright lawyer on hand to clarify the point. A German copyright expert would obviously make a welcome addition to future panels dealing with this issue.

The United States became a party to Berne in 1989. US copyright law is concerned with protecting “original works of authorship.” The recognized works include motion pictures and other audiovisual works. In US jurisprudence, sports games are not “authored” in the relevant sense so they are not “works.” Even so, sports broadcasts in the United States are entitled to copyright protection. The key to their protection is that the broadcasting of a game is understood as always involving the “fixing” of an audiovisual work, and the fact that this fixing occurs simultaneously with a transmission does not matter. This elegant solution was applied in 1976 and obviously did not prevent the US from later joining the Berne Convention.

Australia became a party to Berne in 1928. Australian copyright law is concerned with protecting “works” and “subject matter other than works.” The scope of protection for subject matter other than works is lower than that for traditional works, but this has not stopped them being treated as full copyright subject matter. Subject matter other than works include sound recordings, cinematograph films, and broadcasts. Copyright in a television broadcast is the exclusive right to make a cinematograph film or sound recording and to re-broadcast or communicate to the public otherwise than by re-broadcasting. The maker of the broadcast is the copyright owner. In Australia, copyright protection applies to the signal itself. There is no need to stretch the definition of “work” to include a broadcast. There is no need for the broadcast to contain a work.

These two examples demonstrate how a nation can recognize a certain type of copyright without compromising the minimum standards of Berne or being strangled by a debate about originality standards.

The sports broadcast problem could be solved in China if broadcasts were recognized as involving the fixing of a cinematographic work, of a work created by a process analogous to cinematography, or even of a video recording. Alternatively, some form of recognition could arise within the existing category of “other” works or through the mooted inclusion of a new general category of “audiovisual” works. These solutions would involve minimal disruption to China’s existing copyright system. All they would require would be an acknowledgement that a modern sports broadcasts satisfies a minimum standard of originality. It would not be necessary for a game of sport to be deemed a copyright work. Ultimately, though, these solutions would need to embrace a broad-based, technology-neutral definition of broadcast and they would need to depend on continued improvement in the availability and efficacy of urgent injunctive relief for copyright infringement.

Picture for China Cybersecurity law 101

China’s Cybersecurity Law (CSL) became effective on June 1, 2017 and it regulates the construction, operation, maintenance and use of networks, as well as network security supervision and management within mainland China. The Cyberspace Administration of China (CAC) is the primary governmental authority supervising and enforcing the CSL.

The CSL regulates cybersecurity from different aspects, including network operation security, network information security, as well as monitoring, early warning, and emergency responses.

1. Network Operations Security

Under the CSL, all network operators are required to perform the following duties to protect their networks from interference, damage, or unauthorized visits, as well as to prevent data leaks, thefts or falsification:

  • Create internal security management systems and operating policies, appointing dedicated network security persons;
  • Adopt technological measures to prevent computer viruses, cyber-attacks, network intrusions and other harmful activities;
  • Monitor and record network operational status and network security incidents, and retain relevant network logs for at least six months;
  • Take measures to classify data, back up and encrypt important data.

The CSL states that China has (or will have) a tiered network security protection system and network operators must perform the above duties to ensure network security and to meet the requirements of such a system. This indicates network operator obligations vary depending on their tier.

China currently has two existing network security related tiered protection systems. One is the Computer Information Systems Security Tiered Protection (计算机信息系统安全等级保护制度), the other is Telecommunication Networks Security Tiered Protection (通信网络安全分级保护制度), though the contents of these two overlap regarding network security. Both of these protection systems put computer information systems or telecom networks into five levels of protection, depending on a system’s importance in national security, economic development, and social life, and potential damages to these aspects in the event of network interference. Whether the tiered system mentioned in the CSL will be similar to these two existing systems or a completely new one is not yet clear. But these systems and related national standards likely will be helpful guides to understanding the concept of China’s tiered protection system.

Critical Information Infrastructure Operators

Critical information Infrastructure (CII) and CII operators must comply with more stringent requirements on top of those applicable to all network operators. The CSL provides for the State to implement key protections for CII in public communication and information services, power, traffic, water, finance, public service, electronic government affairs, and other CII that may endanger national security, national welfare and the people’s livelihood, or the public interest in the event of destruction, malfunction or data leakage. No clear definition of CII is found in the CSL and the catchall language leaves plenty of room for interpretation.

However, there is a Network Security Check Practice Guide (网络安全检查操作指南, the “Guide”) created by the CAC[1] before the CSL became effective that may give some guidance in determining CIIs. The Guide lists out fourteen industries[2] and a few key businesses in each industry. If a network or information system is mainly used to support any of these key businesses in  corresponding industry and meets other specific conditions, such a network or system will likely be deemed to be a critical information infrastructure.  For example, online shopping is a key business in the telecommunication and the Internet industry, according to this Guide. One of the conditions for a platform to be determined as a CII is that the platform has more than 10 million registered users or more than 1 million active users.

Though a clear definition and scope of CII have not yet been clarified, the CSL does require CII operators comply with the following, in addition to the requirements for all network operators:\

— Annual security assessment

CII operators shall review their networks’ security and assess potential risk at least once a year, either by themselves or through a third-party service provider.

— Procurement Security Review

When purchasing network products and services, CII operators must sign a security and confidentiality agreement with their vendor, clearly setting out the duties and responsibilities for security and confidentiality. If a vendor procurement may impact national security, CII operators must also go through a national security review by the State network administration (CAC) and other relevant departments of the State Council. The Security Assessment Measures for Network Products and Services provides further details in this regard, which became effective on the same day as the CSL.

— Data localization

CII Operators are required to keep within mainland China all personal information and important data collected and generated within mainland China. They are not allowed to transmit such data overseas without firs passing a security review.

The Draft Data Transfer Measures released in April 2017 (“First Draft”) appear to expand the scope of undertakings for such data localization and security review requirements to non-CII operators, which raised concerns for many foreign companies doing business in China. In a revised draft of the First Draft in May (“Second Draft”), this localization requirement was removed. The Second Draft focuses only on security assessment of cross border data transfer.

— Other requirements

Other requirements for CII operators include the following:

  • Set up dedicated security management and persons responsible for security management, and conduct security background checks on those responsible persons and of personnel in critical positions.
  • Regularly educate, train, and evaluate employees on cybersecurity;
  • Back up important systems and databases in preparation for disasters;
  • Establish emergency response plans for network security incidents and perform drills periodically; and other obligations by law or administrative regulations.

2.  Network Information Security

“Network Information Security” essentially refers to the protection of personal information collected and stored by network operators. All network operators are subject to the following requirements when collecting and using personal information:

  • Maintain strict confidentiality of collected user information.
  • Collect and use personal information legally, properly, and only to the extent the collection is necessary.
  • Disclose the purpose, method, and scope of collection and use, and obtain consent from the person whose personal information is to be collected; personal information irrelevant to the service provided shall not be collected.
  • Networker operators shall not disclose, alter, or destroy collected personal information.
  • In the event of data breach or a likely data breach, network operators must take remedial actions, promptly inform users, and report to the competent government agencies according to relevant regulations.
  • In case of illegal or unauthorized collection and use of personal information, a person is entitled to ask a network operator to delete such personal information; when information collected is wrong, an individual can request correction.

3. Monitor, early warnings and Emergency Response.

 In terms of establishing cybersecurity monitoring, early warnings of potential risk and emergency response plans, the CSL also sets out the responsibilities of the CAC, network operators, local government, and industry specific departments.

[1] We found different versions of this Guidance on the Internet (websites of universities, local governments, etc.), each of which claims to have been released by the CAC. However, the CAC website did not itself have its own guidance on its website when we looked for it.

[2] The different versions of the Guidance we saw are substantially similar. As for the industries listed, one version includes education, news websites, and commercial platforms as key businesses industries, while another does not have these three lists 11 industries. We refer to the former version only for the purpose of this blog post.

Amazon lawyers
How to keep duplicates off Amazon

American and European companies that have their consumer products made in China constantly have to contend with their own products or a counterfeit of their own products showing up on Amazon. Our lawyers frequently get inquiries from companies that sell their products on Amazon and have seen their sales fall by 30 to 80 percent because they are now having to compete with duplicate/counterfeit products sold on Amazon. These inquiries spiked when Amazon started encouraging Chinese companies to sell their products on Amazon.

The following are five key things you can do to reduce the risk of your product showing up on Amazon and to better position yourself to remove those products if they do show up.

  • File for United States Trademark Protection. Amazon is quick to remove products that clearly violate a registered U.S. trademark. If you ask Amazon to remove a product because it “duplicates” yours, but it does not use your trademark, Amazon virtually never will do so. This is true even if the offending product violates one or more of your patents. In our experience, Amazon typically will not take down cloned products without a court order. 
  • Block your China Manufacturer From Competing with you. In Your China Factory as your Toughest Competitor we noted how our China attorneys have become fond of pointing out to our clients, “since you will essentially be educating your Chinese manufacturer in how to compete with you, you need contracts that will at least limit what it can do when it does so.” The most deadly copiers of all are those that are literally making your exact product. How do you compete with that if they are selling it for 50% less than you are?
  • Copyright your key photos in the United States or in China or in both countries. Counterfeiters are often lazy. It never ceases to amaze me how often Chinese copiers will use our client’s own photos (oftentimes downloaded straight from Amazon) on Amazon to sell their products. We have on many occasions been able to remove entire listings because the photo or photos on those listings violate our client’s registered copyright in either the United States or in China. Technically, in both the United States and in China, you do not need a registered copyright to hold the copyright to a photo, but you are far more likely to get a listing removed from Amazon for copyright infringement if you have a registered copyright. A registered copyright in one country (either China or the United States, or even some third country) should be enough for this, but where you choose to register should depend on a whole host of factors. It is true that if you remove a listing for copyright infringement of one of your photos, the company that violated your copyright can just put up a new listing with a new photograph that does not violate your copyrights. Surprisingly enough, we have found that they generally just move on instead, either because they were blocked by Amazon from listing or because they simply choose a different product to push.  See China Copyright Law: We Need to Talk.
  • Build your brand, be distinctive, and change often. This is non-legal advice, but I have found that companies that work from day one on building their brand and their image and have well-crafted Amazon listings are simply more difficult to copy. Being difficult to copy not only means that you will be copied less often than your competitors but it also means that when copied the negative impact on your business will be less. And if you are constantly changing up what you do, you can sometimes stay at least somewhat ahead of your imitators.

What are you seeing out there?

 

China Cybersecurity law
China’s new Cybersecurity Law becomes effective on June 1
China’s new Cybersecurity Law will become effective on June 1, 2017. In addition to focusing on cybersecurity, the law also details how companies are to handle personal information and data. In determining what is allowed and not allowed for handling personal information in China, it is important to examine The Decision on Strengthening Information Protection on Networks (2012), The Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems (2013), and The Provisions on Protecting the Personal Information of Telecommunications and InternetUsers (2013). There are also many industry-specific rules, including such rules for banking and credit information services. China’s new Cybersecurity Law adopts and modifies existing regulations and codifies them.

Under the new Cybersecurity Law, collecting any user’s personal information requires the user’s consent and network operators must keep collected information strictly confidential. Personal information is defined as information that can be used on its own or with other information to determine the identity of a natural person, including the person’s name, date of birth, ID card number, biological identification information (e.g. fingerprints and irises), address, and telephone number. Once such information has been de-identified, it is no longer subject to the requirement for personal information under the law.

According to the new Cybersecurity Law, network operators are subject to the following requirements when collecting and using personal information:

  • Collection and use of personal information must be legal, proper and necessary.
  • Network operators must clearly state the purpose, method, and scope of collection and use, and obtain consent from the person whose personal information is to be collected; personal information irrelevant to the service provided shall not be collected.
  • Network operators shall not disclose, alter, or destroy collected personal information; without the consent of the person from whom the information was gathered, such information shall not be provided to others.
  • In the event of a data breach or a likely data breach, network operators must take remedial actions, promptly inform users, and report to the competent government agencies according to relevant regulations.
  • In case of an illegal or unauthorized collection and use of personal information, a person is entitled to ask a network operator to delete such personal information; when information collected is wrong, an individual can request correction.

Who are the network operators to which the new law will apply? Owners of networks, administrators of networks, and network service providers. Telecom and Internet service providers, clearly, but “network” is broad enough to go well beyond that.

Networks are systems consisting of computers or other data terminal equipment and relevant devices that collect, store, transmit, exchange, and process information according to certain rules and procedures (Article 76 of the new Cybersecurity Law). If you have a couple of computers at home that can share files, and perhaps a printer connected to them, you technically have a network. The law is not likely to go that far, but the generic definitions of network and network operators leave a lot of room for interpretation, which is exactly how the Chinese government wants it.

The new Cybersecurity Law also requires critical information infrastructure operators (CIIOs) store within China personal information and important data gathered and generated within China and conduct annual security risk assessments regarding their data. Though the definition of CIIO is yet to be clarified, we already know China’s yet to be finalized Measures for Security Assessment of Personal Information and Important Data Leaving the Country will likely require foreign companies doing business in China make big changes in how they handle data. The Cyberspace Administration of China (CAC) published a draft of Measures for Security Assessment of Personal Information and Important Data Leaving the Country back in April, raising many concerns for foreign businesses operating in China.

These Measures for Security Assessment would expand the data localization requirement to all network operators. This would mean that pretty much all personal information and important data collected by network operators within the PRC must be stored within China and not leave China, other than for “genuine business need” and after a security assessment. And if you think you may be a network operator, you probably are.

Since the new Cybersecurity Law does not differentiate between internal and external networks, it is broad enough to include any company that owns an internal network. Will your China WFOE be able to transmit employee information back to its overseas headquarters? In China’s Cybersecurity Law and Employee Personal Information, we set out best practices for doing this, but that was written before publication of the Draft Measures. Should the Draft Measures become effective — as expected — our views on data transfers will almost certainly toughen. Foreign companies are already setting up data centers in China so as to be able to keep data local and many of our clients are looking at doing the same.

We have been reluctant to write much about data and privacy protection in China because existing laws are both unclear and in a massive state of flux. But because this is so important and because this reluctance cannot extend to a client who needs to know what it must do now with specific data, we plan to write more often about these topics in the weeks and months ahead.

Please stay tuned.

Editor’s Note: Sara Xia is an experienced lawyer with law degrees from Shanghai University of Finance and Economics and the University of Washington. Sara practiced law in China from 2010 to 2013 and then in 2015 she became licensed to practice law in California and 2016 in Washington. Sara recently joined Harris Bricken to assist our clients with their cyberlaw and corporate matters, mostly while working out of Seattle, Beijing and San Francisco.

China LawyersWe created a China Law Blog Group on LinkedIn to provide a spam-free forum for China networking, information and discussion. We are nearing 11,500 members and the number and — most importantly — the quality of our discussions continues to increase as well.

We have had some great discussions, as evidenced by their numbers (discussions occasionally get more than one hundred comments) and their substance. Our discussions range from the practical (“how do I open a China bank account” or ”what do I need to do to comply with China’s new work visa policies for foreigners” or “what are you hearing about China’s crackdown on xyz?”) to the ethereal (“when will China surpass the West in innovation?”)

The group’s diversity is its greatest strength. We have a large contingent of members who live and work in China and many who operate businesses there. Our LinkedIn Group also has many members who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and from other countries within Asia. Many of our group members are China lawyers (both inside and outside China and both in-house and with private law firms) but the overwhelming majority are not. We have senior personnel from large and small companies and a whole host of junior personnel as well, again, both within China and outside China. We have professors and we have students of all levels. This mix helps inform, elevate and enlighten the discussions.

Perhaps of most importance is how we block anything and everything that resembles spam. We have become so proficient at this that virtually nobody even tries any more to inject spam into any of our discussions. Many of our members have commented on how much they appreciate our vigorous no-spam policy. I assure you that will never change or even moderate.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out our China Law Blog Group on LinkedIn and join up. The more people who do join our China Law Blog LinkedIn group, the better our discussions. Don’t be shy; click here and join us!

And if you are a Facebook person, we can accommodate you there as well and I urge you to check out our rapidly growing China Law Blog Facebook page. Our focus there is on anything and everything that is China relevant. Our goals with our Facebook page are to entertain and to educate and to highlight issues that for various reasons we cannot discuss elsewhere; our Facebook page most certainly does not shy away from controversy. It also most emphatically covers more than just China law and China business. We post on China politics and diplomacy, China culture and history, China travel and tourism, China food and fashion. We post on pretty much anything we find interesting that day. And we give a lot of rope to the comments and that means we sometimes (like just this morning) get complaints about them from our readers. But we are of the view that you are big kids and recognize that it is not our role to protect you from what others might say. We are rapidly approaching 17,000 “likes” of that page (and growing at approximately 1,000 a month) so so we must be doing something right. Anyway, please check out our Facebook page too, by clicking here.

And last and least, after a three year hiatus, I went back on Twitter and I even every so often post on there as well. Click here for that.

China cybersecurity lawsThe PRC government promulgated its Cybersecurity Law on November 7, 2016, with an effective date of June 1, 2017. To say that foreign tech firms are concerned about the impact of this new law on their business in China would be an understatement. In addition to tech firms, our China lawyers have received a steady stream of questions from clients with China WFOEs who are concerned about an entirely different set of issues. Article 35 of the law states that “personal information and other important data gathered or produced by critical information infrastructure network operators during operations within the mainland territory of the People’s Republic of China, shall store it within mainland China.” Our clients keep asking what this will mean for them.

The surprising answer is not much.

Any company that operates a WFOE in China collects personal information about its employees. China’s new cybersecurity law defines personal information as “all kinds of information, recorded electronically or through other means, that taken alone or together with other information, is sufficient to identify a natural person’s identity, including, but not limited to, natural persons’ full names, birth dates, identification numbers, personal biometric information, addresses, telephone numbers, and so forth.” Certainly, the standard information any company maintains on its employees will qualify as personal information under China’s new cybersecurity law.

In the EU and various other jurisdictions, such personal information must be maintained within the jurisdiction and there should be no transfer of such information across borders. This causes many problems for companies that seek to manage an international workforce through a central location.

So what clients keep asking our China attorneys is whether China’s new cybersecurity laws will establish the same sort of protective system within China? The simple answer is that it will not. China does not have a comprehensive law or regulations relating to the collection, processing or transfer of employee data gathered by a WFOE or other business entity in the normal course of its China business operations and China’s new cybersecurity law does not change that situation.

The cybersecurity law specifically provides that its personal data maintenance and collection rules apply only to critical infrastructure network operators. Network operator is defined as “network owners, managers and network service providers.” In more general terms, this means telecom operators and Internet ISPs. The requirements do not apply to the China business operations of normal private businesses with respect to their normal record keeping requirements for their employees.

Even though nothing has legally changed in China, it is still best practice for foreign companies employers in China to follow the basic rules the PRC government imposes more generally in the consumer context on the collection and maintenance of personal information, including the following:

1. Be sure the disclosing party (your employee) is aware that the company maintains personal information. The company should have a written policy (in Chinese and in English) on how long that information is maintained and that policy should be revealed to the employee.

2. You should not collect more personal information than necessary.

3. You should maintain the confidentiality of the personal information you collect and maintain. That means you should limit internal access to that information and you should take proper security measures to prevent a data breach of the company’s online systems.

4. You should not sell or otherwise transfer the personal information to any third party. Stated more bluntly, do not sell employee personal information to marketers or spammers.

China IP webinar for China lawyersOn October 18, I will be putting on a webinar, Doing Business in China: Structuring Your Deal and Protecting Intellectual Property. This webinar is aimed mostly at lawyers and it is eligible for CLE credits.

It is being put on by Commercial Law Advisors and they describe it as follows:

Who Should Attend? Corporate counsel, in-house counsel, attorneys advising companies or organizations, intellectual property attorneys.

Companies often cannot afford not to do business in China. Whether producing goods there or selling to the Chinese market, companies that engage in business with Chinese partners need up-to-date legal advice on how to protect their technology and other intellectual property (IP) interests from being counterfeited, pirated, or otherwise misappropriated. As IP theft is one of the top issues facing businesses operating in China, there are substantial risks companies must identify and address proactively to protect their valuable IP assets. Deals made in China can threaten IP rights not just in China, but in markets around the world. Understanding the Chinese IP landscape and how to manage the pertinent issues can go a long way to safeguarding your client’s valuable IP interests.

Please join Dan Harris as he explores the nuts and bolts of constructing a good business deal with a Chinese partner, what your agreements should include, and how to manage the Chinese IP rights framework to minimize your client’s IP-related risks.

WHAT YOU WILL LEARN
This webinar will cover:

How to choose a good Chinese partner
Identifying the IP assets that need protection
How to structure your deal
Drafting your deal papers
Drafting China employee contracts to protect your IP
IP registrations: What you should know about trademarks, patents, copyrights, and licensing agreements

China Law Blog readers who use promo code cw16dbc will receive $35 off. Go here to register.

I hope to “see” you there.

China SaaSCountless foreign software companies wish to deliver their software as a service (SaaS) to China. But since China requires commercial ICP licenses for commercial Internet services within China and generally forbids foreign enterprises from obtaining such licenses, directly providing SaaS through a server in China is typically not possible for foreign software companies.

So what can be done? How can a foreign software company get its software to China’s consumers via SaaS? Two methods for providing foreign SaaS in China have been developed. These methods depend on whether the server will be located outside of China or within China. If the server is located outside of China, we use the reseller model. If the server is located within China, we use the license model.

Many foreign software companies waste a lot of time and money in searching for or trying to develop a third model. Many Chinese companies — out of either ignorance or greed — encourage such searching and trying.

In the reseller model, the foreign SaaS provider brings on one or more resellers in China. At a minimum, the reseller locates customers for the foreign company’s SaaS product. The reseller provides the ultimate customer with a user name and password that allows the customer to connect to the foreign server hosting the SaaS product. The reseller collects the fee from the customer and deducts and pays applicable Chinese business and income taxes and then remits the remaining amount to the foreign software provider.

Though very common, this SaaS reseller system does not strictly comply with Chinese law, since the Chinese Government has never reviewed or approved the software content. However, to date, the Chinese government has permitted the reseller model to be used. This reseller model is permitted because it includes the following safeguards that protect the interests of the Chinese government:

  • Access to the offshore server can easily be blocked by using China’s Great Firewall. If the SaaS content is not acceptable to the PRC government or if the SaaS is used for an unacceptable purpose, the connection to the offshore  server can and will be blocked with no prior notice. This happens regularly in China, often to SaaS/cloud products that seem innocent on the surface. The risk of being blocked is therefore the most significant risk in using the reseller model. Some SaaS is at much higher/lower risk of being blocked than others and part of our role as China lawyers is to help our clients analyze this risk.
  • The reseller is liable under Chinese law for the content of the SaaS product. The reseller is not treated as a neutral, ISP type entity; the reseller is treated as though it is the developer of the SaaS product. This is true even where completely independent third parties are the source of content on the SaaS platform. More important, the reseller is liable for quality as well as content. Consider the potential liability here: some SaaS platforms are used for off site medical diagnosis. What happens if the diagnosis is wrong and the patient is injured or dies? The reseller is potentially liable.
  • All applicable taxes are withheld and paid. Through the reseller approach, the PRC government is able to impose double taxation. Taxation first on the income of the reseller and then taxation on the income remitted to the foreign software company. This access to tax revenue results in a more accommodating regulatory response from the Chinese government, but also in lower income for the foreign software provider.

There are several reasons foreign SaaS providers decide they must locate their server in China. Many do so for the generally faster service speed and connection reliability. Others do so to lower their risk of having their software blocked. Some simply cannot find reliable resellers willing to take on the substantial work and risk. Foreign software companies that use a Chinese server do so via a licensee model.

Under the licensee model, the foreign software company does not directly offer its SaaS product in China nor does it directly control the China server. It instead licenses its software platform to a Chinese entity. that obtains the commercial ICP license that allows for offering the SaaS service to Chinese customers through a Chinese server.

The minimum terms of this sort of SaaS Licensing Agreement are as follows:

  • The Chinese licensee owns the ICP license. Acquiring a commercial ICP license is expensive, and the licensee must pay all the costs. Because of the considerable expense, it is difficult to find Chinese companies willing to take on the financial burden of acting as a licensee.
  • The licensee owns the URL that provides access to the server.
  • The licensee holds a license for the entire content of the SaaS platform software. As with resellers, the licensee is liable for the content and performance of the software.
  • If the SaaS platform is hosted on a cloud server, the licensee has the the contractual relationship with the cloud service provider.
  • The licensee has direct contact with and collects the income from the customers The licensee pays a license fee to the foreign software provider under normal license royalty rules.
  • Since the server is located within China, the Chinese government has the right to access the content of the server at any time.

As the above discussion makes clear, neither the reseller model nor the licensee model are ideal solutions for companies wanting to provide SaaS to China. Most of our foreign SaaS developer clients have used the reseller model successfully. However, the licensee model has been the only solution for some of our clients. For example, for SaaS software that will be used by a Chinese government institution such as a hospital or university research center, Chinese government regulation normally requires the SaaS software be housed on a server located in China. The same rules typically apply for SaaS software used by PRC banks and other financial institutions. Since these situations require a server located in China, the licensee model is the only choice available.

Bottom Line: If you are a software company looking to sell your SaaS software in China, you can do so using either the reseller or licensee model.

China LawyersWe started a China Law Blog Group on Linkedin to create a spam-free forum for China networking, information and discussion. We have more than 11,000 members and the number and quality of our discussions continues to increase as well.

We have had some great discussions, as evidenced both by the numbers (discussions sometimes get 50-100 comments) and on their substance. Our discussions range from the practical (“how do I open a China bank account” or ”what do I need to do to comply with China’s work visa policies) to the ethereal (“when will we know China is taking innovation seriously”).

The group’s diversity is its greatest strength. We have a large contingent of members who live and work and do business in China and a large contingent of members who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and other countries in Asia. Some of our members are China lawyers, but the overwhelming majority are not. We have senior personnel (both China attorneys and executives) from large and small companies and a whole host of junior personnel as well. We have professors and we have students. All of these mixes help elevate and enlighten the discussions.

I am, however, proudest of how we block anything that even resembles spam from ever showing up on our site. We have become so proficient at this that virtually nobody even tries to inject spam into any of our discussions. Many of our members have commented on how much they appreciate this.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out our China Law Blog Group on Linkedin and join up. The more people in our group, the better the discussions.

We will see you there. Click here and join us.

And if Facebook is your thing, please check out our rapidly growing China Law Blog Facebook page, where we post anything and everything that is China relevant. Our focus there is to educate and to entertain and that means we post about more than just China law and China business. We post on China politics and diplomacy, China culture and history, China travel and tourism, China food and fashion; really on just about anything we find interesting that day. More than 12,000 people “like” us there so we must be doing something right, so please check out our Facebook page too, by clicking here.

And last and least, after a three year hiatus, I went back on Twitter and I even occasionally post there as well. Click here for that.

China stock optionsThe China lawyers at my firm have been experiencing a big uptick in the number of companies and individuals contacting us after having been offered stock in a Chinese company as an alternative to payment in cash. This swapping of stock for pay is a relatively new phenomenon, so I want to explain how it works and, most importantly, why it cannot work for foreigners.

This is how this stock scam typically goes down. The Chinese company — usually in the tech sector — is in desperate need of the expensive skills or knowledge of a foreign person or entity. The Chinese company states: “we need your services, but we are a start up.” So, instead of paying hard cash, the Chinese company offers founders’ stock or employee stock options in their Chinese entity. Just as is the case with Silicon Valley founders stock/stock options, the idea here is that the Chinese entity will go public (“do an IPO”) and the stock it is giving will then provide a windfall benefit to the foreigners to whom they have given the founders stock or the stock options.

Unfortunately, this is all an illusion for the simple reason that no foreign person can own stock in a Chinese domestic company not already listed on a stock market. So any such option or stock transfer is void from the start. Foreigners are not permitted to be shareholders of Chinese domestic companies, nor does China recognize the concept of nominee shareholders.

Even though the offering of stock in Chinese companies is a fraud, we are still seeing many foreign individuals and companies taken in by such offers, most commonly in the fintech sector. Whatever the sector though, the Chinese company will use the “standard” Silicon Valley approach of offering a stock option package as a key benefit in the employment package. By offering stock options, the Chinese company can pay less and secure greater loyalty, while still exploiting the skills/extracting the knowledge of foreign individuals in developing an innovative software or other high tech product.

This exploitation/extraction period typically lasts one to three years, at which point the Chinese company tells the foreign individual, “sorry, the Chinese government has now informed us that we cannot issue stock options to you.” Sometimes, to better hide the scheme, the Chinese company will propose a series of fantasy work arounds, such as elaborate nominee schemes illegal under Chinese law. These proposals often convince the foreign person to waste another year or two with the Chinese company. But, in the end, the result is always the same. The Chinese company defaults on its promise to provide the foreign individual with stock in the company and the foreign individual is left high and dry. Since the founders stock/stock option scheme was void from the start, there is nothing the foreigners can do to enforce their rights in China, since they never had any such rights.

A similar scam is often perpetrated on foreign entities. The foreign entity has a technical service of great value to the Chinese company. The Chinese company then says: “We really need your services, but we are growing so fast these days that we simply do not have the free cash to pay you in cash for that. However, since we are growing so fast, it is certain we will soon do an IPO on the Shanghai stock exchange. So, instead of our paying you in cash, we will agree to pay in you in stock options. Our stock will provide you with far more monetary value than the paltry fee we would pay you for your services and by working with us, you will gain entry into the lucrative Chinese market and highly profitable work for Chinese companies will follow.”

This scam results in the same sad result as the employee stock option scam. First, as with employee stock options, a foreigner cannot own stock in the Chinese entity, so the option is void from the start. Second, the private Chinese entity never does an IPO on the Shanghai market, so the whole concept was an illusion. Third, the only thing the foreign entity achieved was to identify itself as an easy mark, which means there was no future profitable work available in China. Finally, the foreign company does not figure out the scam until after it has already transferred its service or valuable information to the Chinese entity.

There are a couple of elegant variants Chinese entities use to implement the Chinese stock scam. In the rare case where a private Chinese company actually completes an IPO, the listing is on a foreign exchange: usually either Hong Kong or the United States or London, where due to Chinese law requirements the actual listing entity is not the Chinese company for which stock options or stock were purportedly given. Instead, the listing entity is some form of subsidiary or other affiliate of the Chinese company, so that when the IPO takes place, the holder of the scam option or stock in the Chinese company can be told: “your stock option (or stock) is with the Chinese parent; you do not have an option with the affiliate actually listed. Sorry.”

Private companies in China are effectively locked out of China’s domestic IPO market. On the other hand, such companies have become attractive targets for private equity financing. But the story here is the same. The private equity financing occurs in China, resulting in a big payout to existing shareholders of the Chinese entity. The foreign stock option holder looks for an equivalent benefit. The Chinese entity then responds: this was a private equity deal, not an IPO. You did not own any stock at the time of the private financing, so you are not entitled to any benefit.

Bottom Line: Foreign individuals and companies should not accept promises of stock options or stock in a Chinese company in place of employment compensation or payment for services. Any Chinese company that makes the offer of payment in stock is either ignorant of the requirements of Chinese law or intentionally committing fraud. Either way, foreign individuals and companies should refuse to work with any Chinese company that makes this kind of stock offer. We have seen many of these deals. None have ever worked out well, and it will not work out well for you.