MPS Releases Regulations on Use of Electronic Data in Criminal Cases

On September 20, the Ministry of Public Security (MPS), Supreme People's Court (SPC) and Supreme People's Procuratorate (SPP) jointly released the Regulations on Issues related to Collecting, Obtaining and Examining and Judging Electronic Data in Criminal Cases, which will go into effect on October 1, 2016. The 30-article regulations authorize MPS, SPC and SPP to lawfully collect and obtain electronic data from entities and individuals, as well as transfer and examine the data accordingly.

The electronic data referred in the regulations include but is not limited to:
Information distributed on network platforms such as webpages, blogs, microblogs, Moments, post bars, online storage
Information communicated through network application services such as cell phone short messaging, emails, instant messaging, communication groups
User registration information, identity verification information, electronic transaction records, communication records, entry logs, etc.
Electronic files such as files, pictures, audio/video, digital certificates, computer programs

The regulations obligate all entities and individuals to provide truthful information, along with the storage media including electronic devices, hard drives, disks, USB drives, memory chips, etc. if possible, upon request from the three authorities in criminal investigations, with security provision added to ensure any electronic data related to national secrets, trade secrets and personal privacy to be kept confidential throughout investigation.

The regulations also stipulate the judicial procedures for electronic data obtention as first producing an Evidence Obtention Notice to inform electronic data owners, network service providers or relevant agencies for enforcement, and then requiring at least two investigators to be at scene while collecting and obtaining electronic data. The regulations reference "relevant technical standards" for specific evidence obtention methods, without further stating what exactly those standards referred are.

We'd expect increased efforts from companies, especially network service providers, for local compliance as well as cross jurisdiction conflicts under the extensive coverage of the regulations.