Recent news reports regarding the alleged purchase of personal information by a corporate investigative service firm in Shanghai have raised questions about the possibility of obtaining information about domestic Chinese companies from government corporate registration agencies.
In China, the corporate registration authority is the State Administration for Industry and Commerce (the “SAIC”) and its local counterparts. These agencies maintain the official corporate files and corporate information on companies incorporated in China. The “official corporate files” of a company typically include items such as (1) copies of the original government approvals issued to the company, (2) the company’s articles of association (the corporate charter document), (3) shareholder agreements, and (4) board resolutions. A company’s “corporate information” includes its name, date of establishment, business address and the names of its shareholders, among other details. Obviously, these types of materials can provide crucial information about a company’s business operations that is highly valuable to competitors, creditors, analysts and other prospective business partners or adversaries.
Although generally this information has been made available for review by the public, the level of access has changed over time. In the past ten years, the relevant authorities have undertaken two apparently contradictory efforts in this regard: reducing access to corporate files while expanding access to certain corporate credit information (which is now published and available to the public free of charge).
Reduced Access to Corporate Files
In 1996, the SAIC issued a regulation (Measures on Inquiries of Enterprise Registration Records and Files), which spelled out the basic rules for inquiring about a company’s corporate files. According to those rules:
- Public security agencies, procuratorates (roughly equivalent to China’s public investigative and prosecutorial agencies), judicial authorities, national security agencies, disciplinary inspection and supervision authorities and audit authorities may make request a company’s written corporate files by presenting an official letter and valid identity certificate(s) to the relevant local office of the SAIC.
- A P.R.C.-admitted lawyer, when representing a company which is a party to a lawsuit, may request the company’s written corporate files from the relevant office of the SAIC. The lawyer must submit proof from the court that the case has been filed and his or her own certificate to practice law.
In reality, however, these rules were ignored for about the first ten years after they were promulgated. During that period, not only government agencies, but ordinary individuals often could obtain a company’s written corporate files if they paid a certain inquiry fee to the registration authority. As time went by, access was increasingly limited to P.R.C.-admitted lawyers – other individuals were restricted from making direct requests. They could still make indirect requests, however, by paying a P.R.C.-admitted lawyer a modest fee to file the inquiry on their behalf.
For the past year or so adherence has been strict. Now, a P.R.C.-admitted lawyer can request a company’s corporate files only when the lawyer is representing the company in a lawsuit. In May 2012, the Beijing Administration for Industry and Commerce issued a “Notice for Inquiry on Enterprise Registration Files” to restate and reaffirm the rules.
Practically speaking, the actual amount of information made available may vary between the local offices of the SAIC. In the past, availability has depended on the accuracy and diligence in record-keeping practices at each particular local office.
Disclosure of Credit Information
The Chinese government is working to create a social credit system to overcome problems arising from malicious defaults on bank loans, tax avoidance, commercial fraud, counterfeiting and other credit-damaging activities. With a goal of encouraging positive behaviors and supporting companies that maintain good credit records, the government publicly discloses credit information they obtain about companies. Such information may include:
- identity information, such as basic registration information, information on qualifications, approvals or permits granted by authorities, resulting in special or annual inspections, etc.;
- disciplinary records, such as information on whether the company had been fined, forfeited or suspended from business operations due to an unlawful activity, or did not pass a special or annual inspection;
- records of violations, such as information that the business license of the company was revoked or withdrawn due to serious unlawful activities, where the company has been fined, forfeited or suspended from business operations two or more times due to the same unlawful activity, or has committed a crime and is subject to criminal liabilities; and
- records of achievements, such as information that the company or its legal representative or other chief executives have been honored by high-level government authorities, that the trademark of the company has been designated as a “well-known trademark,” or that the credit rating of the company has been ranked “AAA” by financial institutions.
In summary, the volume and type of publicly-available information about privately-held companies in China has been subject to increasing restrictions in recent years, but a significant amount of information remains openly available.
Further developments on personal information protection law in China have the potential to affect the amount and type of publicly-available corporate information. We will continue to monitor developments in this field as they arise.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code