Writer Wang Xiaoshan had enough. Never again would he set down his chopsticks during supper to answer an unsolicited phone call from a real estate agent.
On December 26, 2012, Wang microblogged a simulated wanted poster offering a 1,000-yuan ($161) reward for the phone number of Zuo Hui, President of Homelink, one of the largest real estate brokers in the country.
China's human flesh search engine delivered Zuo's phone number, which Wang posted the next day to the applause of many for whom aggressive telemarketing is a familiar yet unwanted intrusion into personal privacy.
Ironically, legal experts warned that Wang's tit-for-tat response might have violated Zuo's personal privacy. Nevertheless, Wang demanded Homelink reveal how it obtained his personal information. The company refused to do so while offering its apology for the intrusive calls.
A real estate broker in Anhui told China Radio Network that the sale and purchase of client data is standard operating procedure in the industry. Information clients do not voluntarily offer is bought from property management firms or online information vendors.
Wang's determination to protect his personal information came two days before the Standing Committee of the National People's Congress (NPC), China's top legislature, passed a decision on strengthening online information protection on December 28.
The decision, as legally binding as a law, is intended to better protect Internet user privacy and provide a legal basis for safeguarding online information security, so as to ensure the healthy and orderly development of the Web, said a spokesman for the NPC Standing Committee.
"The law represents progress in China's legal system and maturity in social management," said Li Yuxiao, Director of Internet Governance and Legal Research Center at Beijing University of Posts and Telecommunications.
The decision provides legal protection for information that can be used to identify a citizen, or that which involves privacy, and bans illegal acquisition, sale and purchase of data. Personal information can only be obtained with prior consent.
It requires Internet service providers and public institutions to clearly state the purposes, means and scope of all data collection efforts. Information collected must be relevant to business operations.
Organizations are further required to maintain confidentiality, and are forbidden to leak, tamper with, damage, sell or provide information to others illegally. These organizations are also required to take necessary measures to ensure information security.
The law addresses data management, and requires Internet service providers to manage user posts and report illegal content to authorities. All providers must verify user identities upon giving them access to services.
"Verified identification is used for backstage management, while users can choose pseudonyms when publishing information online," said Li Fei, Deputy Director of the Legislative Affairs Commission of the NPC Standing Committee.