Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
Article 17 of the Civil Code of the People's Republic of China provides that a minor who has reached the age of 18 is an adult.
Has the UNCRC been directly incorporated into national law in your jurisdiction?
No.
No, the UNCRC has not been directly incorporated into the People's Republic of China laws.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
No.
No, there is no specific ombudsperson or commissioner for children in China.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
N/A.
N/A
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
Yes.
Article 31 of the Personal Information Protection Law stipulates that data controllers handling the personal data of minors under the age of 14 shall obtain the consent of the minor's parents or other guardians.
Article 9 of the Provisions on Network Protection of Children's Personal Information stipulates that network operators who collect, use, transfer or disclose personal data of minors under the age of 14 shall obtain the consent of the child's guardian.
Article 13 of the Administrative Measures for Personal Information Protection Compliance Audits requires such audits to focus on a number of matters, including when personal information is processed based on an individual's consent, whether consent from the parents or other guardians has been obtained prior to processing the personal information of minors under the age of 14.
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
Article 31 of the Personal Information Protection Law stipulates that data controllers handling the personal data of minors under the age of 14 shall obtain the consent of the minor's parents or other guardians.
Article 9 of the Provisions on Network Protection of Children's Personal Information stipulates that network operators who collect, use, transfer or disclose personal data of minors under the age of 14 shall obtain the consent of the child's guardian.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
This applies only to national standards.
GB/T42575-2023 set out several examples on how to verify the identity of the parents before collecting parental consent. For example, a minor under the age of 14 can be asked to enter the guardian's mobile phone number, and the content verifying the guardian's identity can be sent to the guardian's mobile phone. The guardian can reply to a specific field to confirm whether he or she is the guardian.
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
Article 31 of the Personal Information Protection Law and Article 21 of the Regulations on Network Data Security Management stipulate that where a data controller handles the personal data of minors under the age of 14, it shall formulate special rules for the handling of children’s personal data.
Article 14 of the Administrative Measures for Personal Information Protection Compliance Audits further requires such special rules for the handling of children’s personal data to inform the children and guardians of the purpose, methods and necessity of processing their personal data, as well as the types of personal information to be processed and the protective measures taken (except where notification is not required by law or administrative regulations).
Additionally, the personal data of minors under the age of 14 is considered sensitive personal data. Under Article 30 of the Personal Information Protection Law and Article 21 of the Regulations on Network Data Security Management, the processing of sensitive personal data should also be disclosed by the data controller as to the necessity of processing sensitive personal data and the impact on the rights and interests of the individual.
Article 8 of the Provisions on Network Protection of Children's Personal Information stipulates that network operators should set up special rules and user agreements for the protection of personal data of minors under the age of 14.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes.
Article 19 of the Provisions on Network Protection of Children's Personal Information stipulates that if a minor under the age of 14 or his or her guardian discovers an error in the children’s personal data collected, stored, used or disclosed by a network operator, he or she has the right to request the network operator to correct it.
Article 20 of the Provisions on Network Protection of Children's Personal Information stipulates that where a minor under the age of 14 or his/her guardian requests a network operator to delete the child’s personal data that the network operator has collected, stored, used or disclosed, the network operator shall promptly take measures to delete such data.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
Article 24 of the Provisions on Network Protection of Children's Personal Information stipulates that any organisation or individual who discovers any violation of the handling of children's personal data has the right to report it to the relevant authorities. There is nothing to prevent a child from making a complaint on their own behalf to the relevant authorities nor do such complaints have to be made through a parent or organisation.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
a. processing specific types of children’s personal data.
All personal data of minors under the age of 14 should be considered as sensitive personal data. In this case, the data controller should disclose the necessity of processing sensitive personal data and the impact on the rights and interests of the individual.
b. carrying out specific processing activities involving children’s personal data; and/ or
Article 24 of the Regulation on the Internet Protection of Minors stipulates that providers of internet products and services shall not engage in commercial marketing to minors by means of automated decision-making. So, we understand that a data controller should not use children’s personal data to engage in commercial marketing to minors by means of automated decision-making.
c. using children’s personal data for specific purposes.
Article 24 of the Regulation on the Internet Protection of Minors stipulates that providers of Internet products and services shall not engage in commercial marketing to minors by means of automated decision-making. So, we understand that a data controller should not use children’s personal data for the purpose of commercial marketing to minors using automated decision-making.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There have been enforcement actions taken by regulators concerning the unlawful collection and use of children’s personal data, typically resulting in fines and corrective measures, across various industries including hotels, social media, children's education, etc.
Are there specific rules concerning electronic direct marketing to children?
Yes.
Article 24 of the Regulation on the Internet Protection of Minors stipulates that providers of internet products and services shall not engage in commercial marketing to minors by means of automated decision-making.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
Article 24 of the Regulation on the Internet Protection of Minors stipulates that providers of internet products and services shall not engage in commercial marketing to minors by means of automated decision-making.
Are there specific rules concerning online contextual advertising to children?
No.
The People's Republic of China rules have not regulated online contextual advertising to children.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There have been enforcement actions against companies for non-compliance with advertising laws relating to children, including the following:
a) in violation of the Article 22 of the Advertising Law by advertising tobacco to minors;
b) in violation of Article 38 of the Advertising Law, using minors under the age of ten as spokespersons for advertisements;
c) in violation of Article 39 of the Advertising Law, conducting advertising activities in primary and secondary schools and kindergartens, or using teaching materials, teaching aids, exercise books, stationery, school uniforms, school buses, etc. for primary and secondary school pupils and young children to publish advertisements or advertisements in disguise;
d) in violation of Article 40 of the Advertising Law, publishing advertisements for medical treatment, medicines, health food, medical devices, cosmetics, alcohol, beauty care, and advertisements for online games not conducive to the physical and mental health of minors, on mass media targeting minors;
e) in violation of Article 40 of the Advertising Law, advertisements for goods or services targeting minors under the age of 14 and which contain the following content:
(i) persuading them to ask their parents to buy the advertised goods or services; and
(ii) provoking them to imitate unsafe behaviour.
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
According to Article 18 of the Civil Code of the People's Republic of China, a person acquires full contractual capacity at the age of 18. However, minors aged 16-18 who earn their income through work can independently enter into contracts that match their age and mental maturity.
Do consumer protection rules apply to children?
Yes.
Yes, consumer protection rules in China apply to children.
According to Article 2 of the Law on the Protection of Consumer Rights and Interests, the rights and interests of consumers are protected when they purchase, use goods or receive services for their daily consumption needs.
Are there any consumer protection rules which are specific to children only?
Yes.
According to Article 16 of the Law on the Protection of Consumer Rights and Interests, operators providing online game services shall set up time management, authority management, consumption management and other functions for minors.
According to Article 42 of the Regulation on the Internet Protection of Minors, network product and service providers shall establish and improve anti-indulgence systems, shall not provide products and services to minors that induce them to become addicted, and shall promptly modify the content, functions and rules that may cause minors to become addicted.
According to Article 43 of the Regulation on the Internet Protection of Minors, online games, online live broadcasting, online audio and video, online social networking and other network service providers shall set up modes for minors in terms of the time period of use, duration, functions and contents.
Network service providers should provide functions such as time management, permissions management and consumption management in a conspicuous and convenient manner for guardians to perform their guardianship duties.
According to Article 44 of the Regulation on the Internet Protection of Minors, online games, online live streaming, online audio and video, online social networking and other online service providers shall take measures to reasonably limit the amount of single consumption and single-day cumulative consumption of minors of different ages in the use of their services. and the cumulative amount of consumption on a single day, and shall not provide minors with paid services that are incompatible with their civil behavioural capacity.
Article 74 of the Law on the Protection of Minors stipulates that network product and service providers shall not provide minors with products and services that induce indulgence. Providers of online games, online live broadcasting, online audio and video, online social networking and other network services shall set up appropriate time management, permission management, consumption management and other functions for minors using their services. Online education network products and services targeting minors shall not insert links to online games, or push advertisements and other information unrelated to teaching.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
Yes, there have been enforcement actions focusing on illegal sales practices targeting minors, especially regarding digital content and gaming services.
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
In 2021, the State Press and Publication Administration issued the Notice on Further Strict Management of Effectively Preventing Minors from Becoming Addicted to Online Games, which requires that all online game enterprises may only provide online game services to minors for one hour on Fridays, Saturdays, Sundays, and legal holidays from 20:00 to 21:00 each day, and that online game services may not be provided to minors in any other form at any other time.
Article 75 of the Law on the Protection of Minors stipulates that online game service providers shall not provide online game services to minors from 22:00 to 08:00.
The Guide to the Development of the Minor Mode in Mobile Internet requires mobile smart terminals to provide differentiated usage time management services for minors of different age groups. When the recommended daily usage time is exceeded, other applications will be suspended by default except for specific necessary applications and applications with parental custom exemptions.
- in minor mode for users under the age of 16, the default recommended total usage time is no more than 1 hour, and a parental exemption operation is provided;
- in minor mode for users aged 16 to 18, the default recommended total usage time is no more than 2 hours, and a parental exemption operation is provided;
- in minor mode, when a minor user uses the mobile smart terminal for more than 30 minutes continuously, the mobile smart terminal shall issue a rest reminder;
- in the minor mode, the mobile smart terminal does not provide services to minors from 22:00 to 6:00 the next day by default, and a parental exemption operation is provided.
The following functions and services are not subject to the above-mentioned usage time and time period restrictions:
- basic functions necessary to ensure the normal operation of the mobile smart terminal hardware and operating system, such as system kernel applications, Bluetooth, GPS, etc.;
- products and services that ensure the personal and property safety of minors and necessary communication needs, such as basic communication products and services such as text messages, calls, voice, contacts, etc.;
- application software that provides educational services for minors: products and services that provide educational services such as online courses for minors that are registered with the relevant competent authorities; and
- applications that can be exempted by parental custom settings.
Are there any specific requirements relating to online/ digital safety for children?
Yes.
Article 77 of the Law on the Protection of Minors stipulates that no organisation or individual may, through the internet, use words, pictures, audio or video, etc., to insult, slander, threaten or maliciously damage the image of a minor or engage in cyberbullying. Minors who have been subjected to cyberbullying and their parents or other guardians have the right to notify network service providers to take measures such as deleting, blocking and disconnecting links. Upon receipt of a notification, the network service provider shall promptly take the necessary measures to stop the act of cyberbullying and prevent the spread of the information.
Article 80 of the Law on the Protection of Minors stipulates that if a network service provider discovers that a user has released or disseminated information that may affect the physical and mental health of minors and has not given any significant hints, it shall give a hint or notify the user to give a hint.
Network service providers that discover that a user has released or disseminated information containing content harmful to the physical and mental health of minors must immediately stop transmitting the relevant information, take measures to delete, block, disconnect and other disposal measures, save the relevant records to the network information, public security departments and other reports.
If a network service provider discovers that a user has used its network services to commit a criminal offence against minors, it shall immediately stop providing network services to the user, keep the relevant records, and report to the public security authorities.
In minor mode, the Guide to the Development of the Minor Mode in Mobile Internet requires application providers to:
- not present online information that contains content that is harmful to the physical and mental health of minors; and
- not present information that may cause or induce minors to imitate unsafe behaviours, violate social ethics, generate extreme emotions, develop bad habits, etc., which may affect the physical and mental health of minors.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
Article 75 of the Law on the Protection of Minors stipulates that Online game service providers shall require minors to register and log in to online games with their real identity information.
Article 31 of the Regulation on the Internet Protection of Minors stipulates that where a network service provider provides information dissemination, instant messaging and other services for minors, it shall, in accordance with the law, require the minor or his or her guardian to provide the minor's true identity information. Webcast service providers shall establish a dynamic verification mechanism for the real identity information of webcast publishers, and shall not provide webcast publishing services to users who are minors and do not meet the legal requirements.
Article 31 of the Regulation on the Internet Protection of Minors stipulates that online game service providers shall verify the real identity information of the minor users through the unified electronic identity authentication system for minors' online games and other necessary means.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
According to Article 43 of the Regulation on the Internet Protection of Minors, online games, online live broadcasting, online audio and video, online social networking and other network service providers shall provide functions such as time management, permissions management and consumption management in a conspicuous and convenient manner for guardians to perform their guardianship duties.
The Guide to the Development of the Minor Mode in Mobile Internet requires relevant entities such as mobile smart terminals, applications, and application distribution platforms to benchmark the requirements under the Regulations on the Protection of Minors on the Internet and actively explore and promote the construction of minors' modes based on their own development realities. Smart mobile terminals, apps, and app distribution platforms should provide necessary management permissions and functions in the minor mode, allowing parents to manage minors' usage duration, app installation, recommended content types, etc., to facilitate parental guidance for minors' safe and reasonable internet use. Smart mobile terminals should provide a function to query the usage status of the minor mode, enabling parents to monitor minors' online activities. Parents can adjust the default settings in the minor mode based on actual circumstances, except for apps and services explicitly prohibited for minors by laws, regulations, or relevant requirements.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There have been enforcement actions related to the failure of platforms to protect minors concerning online/ digital safety.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
While China has not enacted AI-specific legislation and nor does it have any laws or regulations that simultaneously target AI and children, administrative departments and sector-specific regulators have been issuing administrative regulations on AI in recent years, which include provisions related to children.
Additionally, laws on child protection contain some provisions related to AI:
- Article 10 of the Interim Measures for the Management of Generative Artificial Intelligence Services requires providers to implement effective measures to prevent minors from becoming overly reliant on or addicted to generative AI services.
- Article 18 of the Administrative Provisions on Recommendation Algorithms in Internet-based Information Services stipulates that where a recommendation algorithm-based service provider provides services for minors, it must fulfil the obligation of online protection of minors in accordance with the law and facilitate minors' obtaining of information that is beneficial to their physical and mental health by developing modes that are suitable for minors, providing services in line with minors' characteristics, or otherwise. Recommendation algorithm-based service providers may not push to minors any information that may cause minors to imitate unsafe behaviours or behaviours which violate social morality or lead minors into bad habits, and other information that may affect the physical and mental health of minors, nor can they lead minors into network addiction by using recommendation algorithm-based services.
- Article 5 of the Administrative Provisions on Pop-up Web Push Notification Services requires providers not to use algorithms to profile minors or push information to them that may affect their physical or mental health.
- Article 24 of the Regulation on the Internet Protection of Minors stipulates that providers of internet products and services shall not engage in commercial marketing to minors by means of automated decision-making.
- Article 26 of the Regulation on the Internet Protection of Minors stipulates that network product and service providers shall optimise relevant algorithms and models, and employ artificial intelligence, big data and other technical means combined with manual review to enhance the identification and monitoring of cyberbullying content.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
While these requirements may not be specifically about children, upcoming requirements include:
- Information Security Technology - Security Specifications for Generative Artificial Intelligence Pre-training and Optimised Training Data;
- Security Specifications for Generative Artificial Intelligence Data Labelling; and
- Guidelines for Patent Applications for Artificial Intelligence-Related Inventions.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
Yes, China has actively enforced regulations concerning children’s use of digital services, with a focus on curbing excessive online gaming, protecting minors from harmful content, and regulating the collection and use of children’s data. Recent enforcement actions include fines and mandatory reforms for companies violating these regulations.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
Prohibition of online information harmful to the health of minors: Article 22 of the Regulation on the Internet Protection of Minors identifies information harmful to minors' health as content that promotes obscenity, pornography, violence, cults, superstition, gambling, self-harm, suicide, terrorism, separatism, extremism, etc.
Restricting the presentation of information potentially harmful to minors' health: Article 23 of the Regulation on the Internet Protection of Minors identifies information potentially harmful to minors' health as content that could lead to unsafe behaviour, violation of social ethics, extreme emotions or bad habits among minors.
Prohibition of cyberbullying: Article 26 of the Regulation on the Internet Protection of Minors sets out that cyberbullying includes insulting, slandering, threatening, or maliciously damaging the image of minors. Article 26 of the Regulation on the Internet Protection of Minors requires that providers of Internet products and services should:
- Establish mechanisms for early warning, identification, monitoring, and handling of cyberbullying;
- Provide channels for minors and their guardians to save records of cyberbullying and exercise notification rights;
- Offer options to protect against cyberbullying, such as blocking unknown users, controlling visibility of posts, prohibiting reposts or comments, and blocking messages;
- Build a database of cyberbullying characteristics and optimise algorithms using AI, big data, and manual review to strengthen identification and monitoring.
User management obligations for providers of online products and services: Article 29 of the Regulation on the Internet Protection of Minors sets out that providers should take effective measures to prevent the production, copying, publication and dissemination of information harmful to the mental and physical health of minors, potentially harmful information in products or services aimed at minors, and cyberbullying. Upon discovering such information, service providers must immediately take measures such as deleting, blocking or disabling links to prevent its dissemination, keep relevant records, report to authorities, and take action against users who produce, copy, publish or disseminate such information, including issuing warnings, restricting functions, suspending services or closing accounts.
Management of private information: According to the Civil Code, private information refers to information relating to the private life of an individual and personal information that the individual does not wish to be known by others, such as photographs of body parts. Article 38 of the Regulation on the Internet Protection of Minors stipulates that where a network service provider discovers that a minor's private information or personal information released by a minor through the network involves private information, it shall promptly give a reminder and take necessary protective measures, such as stopping transmission, to prevent the information from spreading. Where a network service provider discovers through a minor's private information that a minor may have been subjected to an infringement, it shall immediately take the necessary measures to preserve the relevant records and report them to the public security authorities.、
Consumption restrictions: Providers should reasonably limit the amount minors spend per transaction and total daily spending, and should not provide paid services beyond their civil capacity. The 2019 Notice on Preventing Minors from Becoming Addicted to Online Games stipulates that online gaming companies should not provide paid services to users under 8 years old. For the same online gaming company, users aged over 8 but under 16 are limited to a single recharge amount of no more than RMB 50 and a total monthly recharge amount of no more than RMB 200. Users aged over 16 but under 18 are limited to a single recharge amount of no more than RMB 100 and a total monthly recharge amount of no more than RMB 400.
