刚刚过去的2019年是网络生活更为丰富的一年,新的互联网产品、服务模式不断产生,从更大程度上改变了我们的生活、挑战着我们的工作,与此同时,与网络、数据经济相关的各类司法案例也逐渐丰富。
Cyber life continued to be active and vigorous in 2019. The flow of new Internet products and services brought significant changes and challenges, both to our work and our lifestyles. Judicial cases involving cyber security and data economy increased in both number and type.
在这一年:
- 多个个人用户的信息安全案例中,网络运营者需就其未实施侵权行为承担举证责任,举证不能时则被要求承担侵权责任(详见以下第一部分);
In several security cases involving users’ personal information, network operators were required to bear the burden of proof to establish their non-infringement, the failing of which bore tort liability (as specified in Section I below); - 互联网行业数据爬取相关的不正当竞争之诉频发,数据的财产性权益被广泛认可,不当使用爬虫等技术手段爬取、使用数据可能被认定为不正当竞争行为(详见以下第二部分);
Unfair competition lawsuits against Internet data crawling occurred frequently. Property rights or interests in data were generally recognized, and a misuse of web crawler and/or other technologies to crawl for the collection of data or the usage of data might be determined as unfair competition (as specified in Section II below); - 云服务等新型网络服务给网络服务平台商的侵权责任认定提出新挑战,“通知-删除”原则不再适用于所有网络服务提供商,“转通知”一定程度上可能成为网络服务提供商免责的独立必要措施(详见以下第三部分);
Cloud services and other new network services raised new challenges to the determination of the tort liability to be borne by the network service platform operators. The ‘Notice-Delete’ principle may not apply to all network service providers. ‘Forward Notice’ to an extent may become an independent measure necessary for the exemption of network service providers (as specified in Section III below); - 新技术的运用可能引发巨大的安全隐患和数据合规风险,亟待行业政策和监管的加强以及针对性法律规范的出台,企业在考虑是否采用新技术前,应全方位考虑相关风险(详见以下第四部分)。
The use of new technologies poses an increase in insecurity and data compliance risk. It is a matter of urgency to reinforce industrial policies and regulations and promulgate specific laws and rules. Operators need to fully assess the relevant risks before using a new technology (as specified in Section IV below).
一、个人信息泄漏类侵权案件中的举证责任由侵权方承担 The burden of proof was required to be borne by the tortfeasor in personal information leakage cases
我们注意到,在权利人根据《侵权责任法》提起隐私权侵权之诉、主张个人信息泄露责任的多个案件1之中,司法机关要求侵权方承担举证责任,如下述2019年周裕婵、广东快客电子商务有限公司网络侵权责任纠纷((2019)粤03民终3954号)案(“快客案”)。
We noticed that in several cases1 initiated by individuals regarding infringement on right to privacy in accordance with the Tort Liability Law, which request the tortfeasor to bear the liability for leakage of personal information, judicial authorities require the tortfeasor to bear the burden of proof, e.g. Zhou Yuchan vs. Guangdong Quik Agel Ecommerce Co., Ltd.(“Quik”) Dispute over Network Tort Liability in 2019 ((2019) Yue 03 Min Zhong No. 3954) (“Quik Case”) as below.
案情介绍
Case Overview
周裕婵在快客公司运营的“KK馆”App上购物后向在线客服申请退货,在线客服答复不提供无理由退换货服务。第二天周裕婵接到“售后楚楚”的电话并添加了微信,“售后楚楚”将周裕婵的购物详情(包括快递单号、收货人手机、收货地址、订单付款时间、订单发货时间、订单完成时间、订单支付方式、用户账号、商品名称、金额等)发送给了周裕婵,周裕婵误以为“售后楚楚”就是“KK馆”的售后服务人员,将自身户名、银行账号等发送给“售后楚楚”,遭受财产损失。
Zhou Yuchan shopped on the ‘KKguan’ App operated by Quik. She requested to return the product through an online service, however was told that she could not return the product without giving a reason for the return. The next day, Zhou Yuchan received a phone call from a person identifying herself as ‘Aftersales Employee Chu Chu’ and who then friended her on WeChat. ‘Aftersales Employee Chu Chu’ sent the shopping-related information (including the express tracking number, the consignee’s mobile phone number, the consignee’s address, time of payment, time of consignment, time of finish, method of payment, user ID, name of product, and price of product, etc.) to Zhou Yuchan. Zhou Yuchan mistook ‘Aftersales Employee Chu Chu’ as a staff member of KKguan’. She sent her account name, account number and other personal information to ‘Aftersales Employee Chu Chu’ and then suffered a loss of property.
一审及二审法院均认为,作为普通消费者的周裕婵不具备就快客公司内部数据信息管理是否存在漏洞等情况进行举证证明的能力,客观上应由快客公司举证证明其不存在泄露信息的行为。快客公司称公司将信息一并打包给供应商、快递公司等第三方,不排除是该等第三方泄露周裕婵的信息,对此,一审法院认为,首先,快客公司未能证明涉案信息泄露归因于第三方;其次,将购物信息打包给第三方在信息传送过程中反而存在泄露信息的可能。本案在排除其他泄露隐私信息可能性的前提下,可以认定是由于快客公司疏于防范导致的结果,因而可以认定其具有过错,应承担侵权责任。
Both the trial court and the appeal court held that Zhou Yuchan, as an ordinary consumer, had no capacity to provide proof establishing whether there was a bug in Quik’s internal data and information management system. Therefore, from an objective perspective, Quik should bear the burden of proof to establish that it had not committed an information leakage. Quik alleged that they sent the entire package of shopping-related information to the suppliers, express services and other third parties, therefore, the possibility could not be ruled out that one of these third parties leaked Zhou Yuchan’s information. In response to this allegation, the trial court held that, firstly, Quik was unable to prove the leakage of the information was caused by a third party; and secondly, the information was more likely to be leaked during the transmission of the whole package of the shopping-related information to the third parties. In conclusion, under the circumstance that all the other possible leakages had been ruled out, it could be determined that the information leakage was caused by Quik’s negligence and Quik should bear tort liability for such negligence.
合规启示
Compliance Implication
尽管法律上没有直接规定网络运营者在出现个人信息泄漏事件时的举证责任倒置,但包括快客案在内的多个案例之中,法官均认为用户作为个体,存在举证上的天然劣势,难以掌握网络运营者内部的信息管理漏洞或发生信息泄漏的事实,也无法对此举证,因此,应当由网络运营者自行举证证明其自身没有导致用户个人信息泄露或者个人信息泄露是第三方导致;无法证明时,则以民事诉讼高度盖然性的标准,认定网络运营者对于用户个人信息的泄露存在责任、构成民事侵权。
No statutory provision directly stipulates that the burden of proof should be inversed in the case of personal information leakage by a network operator, but the judges in many cases including Quik Case, held that technically, the user as an individual has much less capacity to provide evidence, and it is difficult for them to know or provide evidence for the information management breach or for the information leakage committed by the network operator. Therefore, the network operator should provide evidence to prove that the user’s personal information leakage was not the result of their actions or was resulted by a third party, failing which the network operator may be determined as being responsible for the user’s personal information leakage and having committed a civil tort based on the balance of probability in a civil action.
在这种情况下,网络运营者尤其是大量获取、处理用户个人信息的企业,为防范和应对泄露和诉讼风险,应增强建立数据和网络的合规体制。企业可考虑的降低风险的措施包括:(1)建立全流程的个人信息保护内部控制制度;(2)完成网络安全等级保护制度项下的测评和登记;(3)改进数据相关的外部合作模式,加强供应商合规和协议管理;(4)适当留存合规工作、数据处理活动的记录,加强潜在的诉讼风险中的举证能力。
In this situation, the network operators, especially those receiving and processing massive amounts of users’ personal information, should establish a stronger data and cyber compliance system in order to prevent and respond to data leakage and litigation risk. The network operators may consider the following measures to minimize risks: (1) establish a thorough internal control system for personal information protection; (2) carry out assessments and registrations under the classified cyber security protection system; (3) improve the mode of data-related cooperation with others, and to make strong efforts to manage the compliance and agreements of or with the suppliers; and (4) keep proper records of compliance works and data processing activities, and to improve their capacity to provide evidence in potential litigation risks.
二、数据抓取可能构成不正当竞争 Data scrapping may constitute unfair competition
在“数据资产”的战略地位凸显的市场环境下,各类与数据权属和使用有关的纠纷也越来越多。
Under the current market environment, data is more and more valued as a type of strategic asset, and more disputes related to ownership or use of data have been raised.
我国现行法律对于数据权益尚无明确的规定,《民法总则》第127条规定,“法律对数据、网络虚拟财产的保护有规定的,依照其规定”,通过比较模糊的条文为数据财产权预留了空间。司法实践中,《反不正当竞争法》成为数据权属争议的主要法律支撑,例如2019年的微梦公司诉复娱公司不正当竞争案((2019)京73民终2799号)部2。
There is no express provision with respect to the rights or interests in or to data under the existing Chinese law. It is provided in Article 127 of the General Rules on the Civil Law that, “if there are statutory provisions on the protection of data and virtual property, such statutory provisions shall apply”, which leaves the door for property rights of data by such ambiguous regulation. In judicial practice, the Anti- Unfair Competition Law becomes the main legal basis governing a dispute over the ownership of data, e.g. the lawsuit initiated by Micro Dream against Foyo for unfair competition in 2019 (Case No.: (2019) Jing 73 Min Zhong No. 2799)2 as below.
案情介绍
Case Overview
在上海复娱文化传播股份有限公司(简称“复娱公司”)与北京微梦创科网络技术有限公司(简称“微梦公司”)不正当竞争纠纷案中,微梦公司诉称,其系新浪微博平台的运营者及服务提供者。复娱公司未经许可抓取新浪微博中明星微博内容并在其运营的“饭友”App中的明星帐号中设置微博专题,并嵌套该明星的新浪微博界面,完整展示该明星微博包括界面和内容在内的全部数据。复娱公司在使用新浪微博数据时还恶意屏蔽了新浪微博中的部分功能且添加了自有功能。微梦公司认为,复娱公司上述行为违反了诚实信用原则和公认的商业道德,构成不正当竞争。一审及二审法院均支持了微梦公司的主张,法院要求被告公司公开刊登声明,并赔偿经济损失及合理开支共计人民币210万元。
Micro Dream Network Technology (China) Co., Ltd. (“Micro Dream”) initiated a lawsuit against Foyo Culture & Entertainment Co., Ltd. (“Foyo”) for unfair competition, alleging that: Micro Dream was the operator of and service provider for www.weibo.com; without authorization, Foyo scrapped the content of a celebrity’s Weibo, created a ‘Weibo theme’ in a celebrity’s account on the ‘Foyo(饭友)’ App, and embedded the interface of the celebrity’s Weibo account in this theme. They displayed the interfaces, contents and all the other data of the celebrity’s Weibo; Foyo also maliciously blocked certain functions of Weibo and added some functions of its own when using Weibo’s data; therefore, the behavior of Foyo violated the “good faith” principle and generally accepted business ethics, and constituted an unfair competition. Both the trial court and the appeal court upheld Micro Dream’s allegations and ordered the defendant to make a public statement and pay RMB 2.1 million as economic compensation and indemnification for reasonable expenses in total.
在数据权益的认定方面,法院认为微梦公司作为社交媒体平台,其设计了软件界面、信息排布,提供了符合用户期待的内容和体验,微梦公司作为新浪微博的运营者,对新浪微博前后端全部数据享有权益,并通过新浪微博这一生态链实现商业利益,有权对他人非法抓取并使用新浪微博数据的行为主张权益。
Regarding acknowledgement of the rights and interests in or to data, the court held that: Micro Dream, as a social media platform, designed software interfaces and information layout and provided satisfactory contents and experiences to the users; also, as the operator of Weibo, Micro Dream was entitled to the rights and interests in or to all of Weibo’s frontend and backend data and to use Weibo as an ecological chain for commercial interest; therefore, Micro Dream had the right to make a claim against any illegal scrapping and use of data from Weibo.
而“饭友”App分流了微梦公司的潜在用户流量,并且抓取的是新浪微博的后台数据,该等抓取需要通过绕开或破坏微梦公司技术保护措施的手段实施,而被告抓取并使用该等数据,导致微梦公司的独家权益无法得到保障,综上,法院认为被告抓取新浪微博数据并在“饭友”App上展示的行为不具有正当性,构成不正当竞争。
Foyo(饭友) App grabbed some of the potential user flow from Micro Dream, and scrapped the backend data. The scrapping of this backend had to bypass or sabotage Micro Dream’s technical protection system. Therefore, the scrapping and use of such data by the defendant infringed the exclusive rights and interests of Micro Dream in or to such data. The court ruled that the scrapping of data from Weibo and the displaying them on the Foyo(饭友) App was improper and constituted unfair competition.
合规启示
Compliance Implication
法院通常认可互联网公司对于其产品前后台数据享有的财产属性的相关利益,如竞争者从互联网平台获取数据的方式不合法(如绕过反爬虫措施进行数据抓取)或超越授权使用数据,则该等行为存在较大可能被认定为不具有正当性,从而构成不正当竞争。
Generally, the court will recognize the property rights or interests of an Internet company in or to the frontend and backend data of their products. If a competitor takes data from an Internet platform by illegal means (such as scrapping data by bypassing anti-crawling systems) or using data outside the scope of authorization, such behavior is very likely to be determined as being improper and having constituted an unfair competition.
我们建议企业在运营中一方面避免不正当的获取第三方的数据,另一方面也要采取措施充分保护自身的数据权益。企业可以考虑的合规及保护措施包括:(1)在涉及数据使用的协议中明确主张对数据的权益,设置robot协议;(2)根据实际的商业需求,加大对IP地址等数据异常情况的关注,考虑设置反爬虫技术措施;(3)对于非自有数据的获取和使用,须进行充分风险分析。
We suggest that network operators avoid the improper acquisition of a third party’s data on the one hand and take measures to protect their own rights and interests in or to data on the other hand. Network operators may consider the following compliance and protection measures: (1) in the agreements related to the use of data, they should expressly set forth their claims for the rights and interests in or to the data, and set up a robot protocol; (2) according to the actual business requirement, pay more attention to abnormal situation of IP address and other data, and use anti-crawling technologies; and (3) fully analyze the risks that may arise from the acquisition or use of non-self-owned data.
三、云服务等新型网络服务提供者平台责任的司法判例 Judicial cases on the liabilities of cloud services providers
随着互联网、大数据、云计算等技术的不断革新,市场上出现了越来越多的如云服务等新型网络服务,该等新型网络服务的出现对传统的网络服务平台商的类型以及其侵权责任的认定提出了挑战:如果在其提供的云服务中出现了侵权内容,如何认定该等网络服务平台商的法律地位和侵权责任?是否应当适用《侵权责任法》第36条3。以下我们对照首例云服务侵权案(阿里云计算有限公司与北京乐动卓越科技有限公司关于侵害作品信息网络传播权纠纷案,(2017)京73民终1194号)])来说明。
As the Internet, big data, cloud computation and other technologies innovate from time to time, more new network services, for example, cloud services, are emerging in the market. Such new network services have imposed a new challenge to the determination of the category of the traditional network service platform operators and their tort liability: in the case of any infringing content in the cloud service provided by a network service platform operator, how should we determine its legal position and tort liability? Should Article 36 of the Tort Liability Law apply?3 We shall use the first case of an infringement by cloud service (Dispute between Alibaba Cloud Computing Co., Ltd. and Beijing Locojoy Technology Ltd. over infringement of the right to disseminate works or information via network ((2017) Jing 73 Min Zhong No. 1194)) as an example to explain this issue.
案情介绍
Case Overview
北京乐动卓越科技有限公司(简称“乐动公司”)持有手机游戏软件《我叫MTonline》著作权。2015年乐动公司发现www.callmt.com网站未经授权提供《我叫MT畅爽版》的iOS版、安卓版下载及游戏充值服务的侵权游戏(以下统称“侵权游戏”)。乐动公司经调查发现,侵权游戏内容存储于阿里云服务器,并通过该服务器向客户端提供游戏服务。2015年10月,乐动公司先后向阿里云计算有限公司(简称“阿里云公司”)发出三次通知,要求其删除侵权游戏,并提供服务器租用人的具体信息。然而,阿里云公司仅仅向侵权游戏租用人进行了转通知,并未进行删除侵权游戏。一审法院认为,云服务器提供商虽无需事先审查服务器中存储内容是否侵权,但在他人利益因其服务而受损时应当采取措施配合权利人维权,一审法院判决阿里云公司构成侵权。二审法院认为云服务器租赁服务相当于传统模式下为用户提供了接入互联网的基础条件,不包括上层内容服务。callmt.com网站是直接的信息与数据控制者,阿里云公司有技术能力对云服务器进行整体关停或空间释放,却无法对存储在其出租的云服务器中的具体内容进行直接控制。因此认为阿里云公司采取的“转通知”属于合理措施。最终,二审法院对一审判决进行了改判,判定阿里云公司不构成侵权。
Beijing Locojoy Technology Ltd. (“Locojoy”) owns the copyright to game software named “My Name Is MTonline (我叫MTonline)”. In 2015, Locojoy found that the www.callmt.com website provided a service to download an iOS version and an Android version of a game called “My Name Is MT (Free Version)( 我叫MT畅爽版)” and the relevant payment services (collectively the “Infringing Games”) without authorization. After investigation, Locojoy found that the content of the Infringing Games was saved on Ali Cloud’s server, and the relevant game services were also provided to the users through such server. In October, 2015, Locojoy sent three notices to Alibaba Cloud Computing Co., Ltd. (“AliCloud”), requiring it to delete the Infringing Games and provide the information of the person who leased the server. But AliCloud only forwarded such notices to the user but has not deleted the Infringing Games. The trial court held that, although the cloud server provider was not required to review whether the content saved in the server is infringing, if the rights or interests of a person was damaged as a result of its service, it should take measures to help such person to protect his/her rights or interests. Therefore, the trial court ruled that AliCloud has committed an infringement. The court of appeal held that the lease of cloud server is to provide basic condition for the user to connect to internet under a traditional mode, excluding any service for higher-level content; the callmt.com website is the direct controller of information and data, while Ali Cloud only has the technical capacity to shut down the cloud server or evacuate space in the cloud server, but could not directly control the specific content saved at the cloud server leased by it; therefore, the “Forward Notice” done by AliCloud was a reasonable action. In the end, the court of appeal overthrew the judgment of first instance and ruled that AliCloud has committed no infringement.
合规思考
Compliance Implication
云服务提供商提供的服务被认为属于基础性服务,阿里云公司无法直接、精准控制云服务器中的内容,该种新型网络服务无需受限于《信息网络传播权保护条例》的“通知-删除”原则,且“转通知”本身有可能已经构成《侵权责任法》中的必要措施,但单独的判例还不能树立起一般的规则,仅仅“转通知”本身是否成立《侵权责任法》第36条规定的“必要措施”仍存在一定的争议。
The services provided by the cloud service is regarded as basic network service; AliCloud could not directly and accurately control the content in the cloud server; and AliCloud is not subject to the ‘Notice-Delete’ principle under the Regulations on Protection of the Right to Disseminate Information via Network, and also that the actual ‘Forward Notice’ itself may have already constituted a necessary action under Tort Liability Law; however, individual case could not establish a general rule, and also whether ‘Forward Notice’ itself constitutes a ‘necessary action’ under Article 36 of the Tort Liability Law remains uncertain.
四、新技术应用引发争议 New technology applications caused controversy
技术发展日新月异,其中,一些新的技术手段在隐私和安全方面产生了巨大的争议。以人脸识别为例,目前我国并未出台针对人脸识别技术商业运用的法律规定,但通过人脸识别技术所收集的面部特征信息属于个人敏感信息,应受个人信息保护相关法律的规制,例如以下郭某诉某市野生动物世界采集游客人脸信息案,对于是否可以及如何采用人脸识别技术,仍有较大争议。
Technology is developing extremely rapidly. Some new technologies are very controversial in terms of privacy and security. An example of this is with respect to facial recognition; so far no statutory provision has been promulgated on the commercial applications of facial recognition technology in China. However, facial features that are collected by facial recognition technology is very sensitive personal information governed by personal information protection laws. A lawsuit initiated by a customer called Guo against a Safari Park for the improper collection of their facial image remains controversial and the case is discussed below.
案情介绍
Case Overview
2019年4月,大学老师郭某办理了某市野生动物世界(以下简称“动物世界”)年卡,办理年卡时动物世界承诺有效期内持年卡的客户入园需要同时验证年卡和指纹。2019年10月,郭某收到动物世界的短信通知,称动物世界采用了人脸识别技术,未经注册人脸识别将无法正常入园。郭某出于隐私的考虑,不愿意被收集人脸信息,要求向动物世界办理退卡被拒绝。因此,郭某向法院起诉了动物世界,该案目前尚在审理中。
In April, 2019, Mr. Guo, a college teacher, bought an annual pass from a Safari Park (“Safari Park”). The Safari Park undertook that they would check both the annual pass and the fingerprint of the tourist who held the annual pass within the valid term for admission. In October, 2019, Mr. Guo received a text message from the Safari Park, notifying him that they had launched a facial recognition system and no tourists could be admitted to the Safari Park without facial recognition. Guo was unwilling to have his facial image collected due to privacy considerations and requested a refund of the annual pass, but this was refused by the Safari Park. Guo then initiated a lawsuit against the Safari Park. This case is still pending for trial.
该案是我国第一起关于人脸识别的诉讼案件,但是关于人脸信息识别技术的争议并不是首次出现。例如,2019年9月,某大学安装人脸识别门禁用于考勤,并实现对学生课堂情况的全程监控引起巨大争议。2019年9月,某换脸软件通过使用AI技术,使用户上传的正脸照可以替换为影视作品或者小视频中的人物,生成以自己为主角的视频片段。9月3日,针对该 App用户隐私协议不规范,存在数据泄露风险等网络数据安全问题,工信部约谈负责人,要求其依法依规收集使用用户个人信息强化网络数据和用户个人信息安全保护。
This case was the first lawsuit involving facial recognition in China, but it was not the first controversy over facial recognition technology. In September, 2019, a university installed facial recognition access control devices to record attendance and monitor students in class. This caused a large public controversy. In September, 2019, a deep-fake software used AI technology to replace a person in a film, TV drama or video with the photo of a face uploaded by a user, so as to produce a clip of a video in which the user was the hero. On September 3, with respect to the non-compliance of users’ privacy policy, data leakage risk and other cyber data security related risks of such App, MIIT interviewed some officers and ordered them to collect and use the users’ personal information in accordance with the applicable laws and regulations and take stronger measures to protect cyber data and users’ personal information.
合规启示
Compliance Implication
很多新的技术在技术本身的成熟度、在实践中可能引发的合规风险、与第三方机构进行合作的相应安排等方面,均缺乏成熟的操作模式。由于技术本身的快速发展,我们建议考虑采用新技术的企业:(1)对新技术的合规问题进行全面的技术和法律的评估,通过一系列的措施和制度降低法律风险;(2)在第三方合作过程中,审慎审核该等第三方机构的技术能力以及网络安全保护能力,与该等第三方机构签署严格的保密协议,约定各自的数据安全责任;(3)试运营过程中采取严格的风控和公共策略;(4)根据运营过程之中发现的问题适时调整相关合规措施。
Many new technologies are not mature themselves; therefore there is no well-established mode for prevention of their potential compliance risk in practice or for cooperative arrangements with third parties. Considering the rapid development of technologies, we suggest that the operators using new technologies should (1) conduct full technical and legal assessments on the compliance of new technologies, and take or establish a series of measures and systems to minimize their legal risks; (2) during the cooperation with third parties, carefully assess their technical capacity and cyber security protection capacity, and execute strict confidentiality agreements with them to set forth responsibilities for data security; (3) adopt strict risk controls and public strategies in trial operation; and (4) adjust the compliance measures in response to the problems found in operation.
1.申瑾与上海携程商务有限公司等侵权责任纠纷案((2018)京0105民初36658号);庞理鹏与北京趣拿信息技术有限公司隐私权纠纷案((2017)京01民终509号
Shen Jin vs Shanghai Ctrip Commerce Co., Ltd. Dispute over Tort Liability ((2018) Jing 0105 Min Chu No. 36658); and Pang Lipeng vs Beijing Quna IT Co. Ltd. Dispute over Privacy((2017) Jing 01 Min Zhong No. 509).
2.如有兴趣,可进一步查阅腾讯诉字节跳动不正当竞争案((2019)津0116民初2091号民事裁定);蚂蚁集团、企查查不正当竞争纠纷案((2019)浙8601行保1号)
Please also see the unfair competition lawsuit initiated by Tencent against ByteDance((2019) Jin 0116 Min Chu --- Civil Determination No. 2091); and the unfair completion dispute between Ant Financial and Qichacha ((2019) Zhe 8601 Hang Bao No. 1), if necessary. - 第三十六条 网络用户、网络服务提供者利用网络侵害他人民事权益的,应当承担侵权责任。网络用户利用网络服务实施侵权行为的,被侵权人有权通知网络服务提供者采取删除、屏蔽、断开链接等必要措施。网络服务提供者接到通知后未及时采取必要措施的,对损害的扩大部分与该网络用户承担连带责任。网络服务提供者知道网络用户利用其网络服务侵害他人民事权益,未采取必要措施的,与该网络用户承担连带责任。
Article 36 Internet users and Internet service providers shall assume tort liability if they utilize the Internet to infringe upon the civil rights and interests of others. If an internet user commits tortious acts through internet services, the infringee shall be entitled to inform the internet service provider to take necessary measures, including, inter alia, deletion, blocking and unlinking. If the Internet service provider fails to take necessary measures in a timely manner upon notification, it shall be jointly and severally liable with the said Internet user for the damage increase. If an internet service provider is aware that an internet user is infringing on the civil rights and interests of others through its internet services and fails to take necessary measures, it shall be jointly and severally liable with the said internet user for such infringement.
