Implementation time of personal information protection law

When will the Personal Information Protection Law be implemented

When will the Personal Information Protection Law be implemented? It will be implemented on November 1st. It is a law that comprehensively regulates the protection of personal information and fully responds to social concerns. When will the Personal Information Protection Law be implemented? Let's take a look at it with me.

When will the Personal Information Protection Law be implemented? On August 2th, the 3th meeting of the 13th the National People's Congress Standing Committee (NPCSC) voted to pass the Personal Information Protection Law of the People's Republic of China, which will take effect on November 1st, 221.

The Law of the People's Republic of China on the Protection of Personal Information clearly states:

If information is pushed or marketed to individuals through automated decision-making, options that are not specific to their personal characteristics should be provided or convenient ways of refusal should be provided;

handling sensitive personal information such as biometrics, medical and health care, financial accounts, and whereabouts should obtain individual consent;

the application that illegally handles personal information shall be ordered to suspend or terminate the service.

IT house understands that article 74 of chapter 8 of the personal information protection law further refines and perfects the principles to be followed in personal information protection and the rules for handling personal information on the basis of relevant laws.

Ten highlights:

Establish the principle of personal information protection. This is the basic principle for collecting and using personal information, and it is the institutional basis for constructing specific rules for the protection of personal information. The Law on the Protection of Personal Information emphasizes that the handling of personal information should follow the principles of legality, justness, necessity and good faith, have a clear and reasonable purpose and be directly related to the handling purpose, adopt a method that has the least impact on personal rights and interests, be limited to the minimum scope of the handling purpose, make public the handling rules, ensure the information quality, and take safety protection measures.

standardize handling activities to protect rights and interests. The Law on the Protection of Personal Information closely focuses on regulating personal information processing activities and protecting personal information rights and interests, and constructs personal information processing rules with "notification-consent" as the core. For example, personal consent should be obtained on the premise that personal information is fully informed in advance, and important matters of personal information processing should be informed to individuals again and obtained consent.

it is forbidden to "kill big data" and standardize automated decision-making. At present, more and more enterprises use big data to analyze and evaluate consumers' personal characteristics for commercial marketing, the most typical of which is the "big data killing" with outstanding social reflection. In this regard, the Law on the Protection of Personal Information stipulates that personal information processors should ensure the transparency of decision-making and the fairness and justice of the results by using personal information, and should not treat individuals unreasonably differently in terms of transaction conditions such as transaction prices.

strictly protect sensitive personal information. The Law on the Protection of Personal Information stipulates that sensitive personal information can only be processed if it has a specific purpose and sufficient necessity, and strict protection measures are taken. At the same time, an impact assessment should be made in advance, and individuals should be informed of the necessity of processing and the impact on their rights and interests. In addition, the Personal Information Protection Law identifies the personal information of minors under the age of 14 as sensitive personal information and strictly protects it.

standardize the handling activities of state organs. The Law on the Protection of Personal Information stipulates the activities of state organs in handling personal information, with particular emphasis on the application of this law to the activities of state organs in handling personal information, and the handling of personal information shall be carried out in accordance with the authority and procedures prescribed by laws and administrative regulations, and shall not exceed the scope and limits necessary for performing statutory duties.

give individuals full rights. The Law on the Protection of Personal Information promotes the individual's rights in personal information processing activities to the right to know and the right to decide, and clarifies that individuals have the right to restrict personal information processing; At the same time, it is required that personal information processors should provide individuals with ways to transfer their personal information under the conditions stipulated by the national network information department. In addition, the Personal Information Protection Law also makes special provisions on the protection of the personal information of the deceased.

strengthen the obligations of personal information processors. The Law on the Protection of Personal Information clarifies the obligations of personal information processors such as compliance management and protection of personal information security, and requires them to formulate internal management systems and operating procedures in accordance with regulations, take corresponding safety technical measures, designate responsible persons to supervise their personal information processing activities, conduct compliance audits on their personal information processing activities on a regular basis, conduct pre-impact assessment on high-risk processing activities such as handling sensitive personal information, making automatic decisions by using personal information, providing or disclosing personal information to the outside world, and fulfill the obligations of personal information disclosure notification and remedy.

give special obligations to large-scale network platforms. The Law on the Protection of Personal Information sets special personal information protection obligations for large Internet platforms: establish and improve the compliance system of personal information protection in accordance with state regulations, and set up an independent institution mainly composed of external members to supervise the protection of personal information; Follow the principles of openness, fairness and justice, and formulate platform rules; Stop providing services to products or service providers in the platform who seriously violate the law in handling personal information; Regularly publish social responsibility reports on personal information protection and accept social supervision.

regulate the cross-border flow of personal information. Nowadays, the cross-border flow of personal information is becoming more and more frequent, but the risk of cross-border flow of personal information is becoming more and more difficult to control because of the distant geographical distance and the differences between legal systems and protection levels in different countries. The Law on the Protection of Personal Information establishes a set of clear and systematic rules for the cross-border flow of personal information, so as to meet the objective requirements of protecting the rights and interests of personal information and meet the practical needs of international economic and trade exchanges.

improve the working mechanism of personal information protection. The law clarifies that the national network information department and the relevant departments of the State Council are responsible for the protection, supervision and management of personal information within their respective responsibilities, and at the same time stipulates the responsibilities of personal information protection and supervision, including carrying out publicity and education on personal information protection, guiding and supervising personal information protection, accepting and handling relevant complaints and reports, organizing the evaluation of application programs, and investigating and handling illegal personal information processing activities.

When will the Personal Information Protection Law come into effect? 2 The Personal Information Protection Law of the People's Republic of China will come into effect on November 1, which is a law that comprehensively regulates the protection of personal information and fully responds to social concerns.

according to the statistical report on the development of China's internet, as of June this year, there were 1.11 billion internet users, 4.22 million internet websites and 3.2 million applications in China. The collection and use of personal information are becoming more and more extensive, and the protection of personal information has become one of the most concerned interest issues in society.

how does the implementation of the personal information protection law affect online life? What are the support guarantees for the protection of personal information? Guangdong native "Mingzai" presented himself, combined with his experience and circumstances, and compared with the contents of relevant laws and regulations, and shared several key cases.

No one is allowed to illegally collect and use other people's personal information

On April 21st this year, Mingzai read a report in Yangcheng Evening News: Since June 22, Jiang, Wu, Peng, Wang and Liu have been in Room A1115 of an apartment in Jianpeng Road, Guangzhou, with Jiang as the boss and Liu and Liu as the owners, buying accounts from others for 58 websites in the same city. After auditing, the number of citizens' personal information (including names and telephone numbers) illegally obtained and sold by Jiang and others totaled 42,79.

He found that the People's Court of Baiyun District of Guangzhou sentenced five people, including the defendant Jiang, to illegally obtain and sell citizens' personal information in violation of national laws and regulations, and the circumstances were serious, which constituted the crime of infringing citizens' personal information. Among them, Jiang was the principal offender and the other four were accomplices. The court sentenced Jiang to two years in prison and fined him 3 thousand yuan; The remaining defendants were sentenced to fixed-term imprisonment ranging from one year, two months to ten months, and fined.

■ Article 1 of the Law on the Protection of Personal Information stipulates that no organization or individual may illegally collect, use, process or transmit other people's personal information, or illegally buy, sell, provide or disclose other people's personal information; Do not engage in personal information processing activities that endanger national security and public interests.

Personal consent is not required to handle personal information in six situations.

Mingzai's friend started a business and secretly carried out illegal business. Later, a media exposed the illegal behavior of the enterprise, and disclosed the name of the enterprise as well as the name, gender and running of the enterprise under the name of the legal representative (that is, Mingzi's friend) in the report. Mingzai's friends believe that media reports infringe on his legal rights of personal information. Then, according to the personal information protection law, is the behavior of the media illegal?

■ Law stipulates that Article 13 of the Personal Information Protection Law stipulates that a personal information processor can process personal information only if one of the following circumstances is met-(1) obtaining personal consent; (2) It is necessary to conclude and perform a contract to which an individual is a party, or it is necessary to implement human resource management in accordance with labor rules and regulations formulated according to law and collective contracts signed according to law; (3) It is necessary to perform statutory duties or obligations; (4) It is necessary to deal with public health emergencies or to protect the life, health and property safety of natural persons in emergencies; (five) to carry out news reporting, public opinion supervision and other acts for the benefit of the public, and to handle personal information within a reasonable range; (6) Handling personal information disclosed by individuals themselves or other personal information that has been legally disclosed within a reasonable scope in accordance with the provisions of this Law; (seven) other circumstances stipulated by laws and administrative regulations. In accordance with other relevant provisions of this law, personal consent shall be obtained for the handling of personal information, but it is not necessary to obtain personal consent in cases specified in items 2 to 7 of the preceding paragraph.

Personal information collectors should not collect personal information excessively

In life, Mingzi downloaded many different types of apps. However, he found that some apps could not enter the "next step" if they were set to "disagree with their format terms" on the registration page. Mingzi said that some provisions in these format terms are excessive and have nothing to do with the purpose of using the APP, such as asking the user to authorize the viewing of the address book, and really don't want to "agree".

■ Law stipulates that Article 6 of the Personal Information Protection Law stipulates that personal information should be handled with a clear and reasonable purpose, which should be directly related to the purpose of handling, and in a way that has the least impact on personal rights and interests. The collection of personal information should be limited to the minimum scope for the purpose of processing, and personal information should not be collected excessively.

Article 16 stipulates that a personal information processor shall not refuse to provide products or services on the grounds that an individual disagrees with the processing of his personal information or withdraws his consent; Processing personal information is not necessary for providing products or services.

Unreasonable differential treatment should not be implemented in terms of transaction price

In recent years, Mingzi has frequently seen news about "big data killing". For example, Mingzai said that Ms. Zhou, who lives in Beijing, was going to take her family to Hainan during the summer vacation. In order to save money, Ms. Zhou began to pay attention to flight dynamics and price information through an online travel platform one month in advance. What she didn't expect was that her careful planning was actually "stared" by the platform big data.

"The first search for air tickets is a price, and the price will go up after a while." Ms. Zhou said that the fare of the last order was nearly 1 yuan higher than that of the first search, but the price of the same flight booked by a friend on the same day was several hundred yuan lower than her own. Even considering the factors such as price changes caused by the remaining air ticket, I "obviously got a knife from big data".

■ Article 24 of the Law on the Protection of Personal Information stipulates that personal information processors should ensure the transparency of decision-making and the fairness and justice of the results when using personal information for automatic decision-making, and should not treat individuals unreasonably in terms of transaction conditions such as transaction price. Information push and commercial marketing to individuals through automated decision-making methods should provide options that are not specific to their personal characteristics, or provide convenient refusal methods to individuals. When making decisions that have a significant impact on personal rights and interests through automated decision-making, individuals have the right to ask the personal information processor to explain, and have the right to refuse the personal information processor to make decisions only through automated decision-making.

Personal information collected by "brushing your face" in public places shall not be used for other purposes.

When Ming Tsai goes to work, he needs to "brush his face" to pass through the gate of the building where the company is located. When he usually visits some scenic spots, he is also asked to "brush his face" to identify. He is very surprised: Does the Personal Information Protection Law stipulate the handling of personal "face" information in these public places?

■ Law stipulates that Article 26 of the Personal Information Protection Law stipulates that the installation of image acquisition and personal identification equipment in public places should be necessary for maintaining the safety of public places, comply with relevant state regulations, and set up obvious prompt signs. The collected personal images and identification information can only be used for the purpose of maintaining the safety of public security, and shall not be used for other purposes; Except with individual consent.

Personal consent should be obtained for handling sensitive personal information

Mingzai's child is in kindergarten, and he often sees some interest training institutions near the kindergarten to attract customers. Some interest training institutions let parents register personal information and children's identity information, and send gifts as long as they register. Mingzi thinks that it is inappropriate to register children's information in too much detail.

■ Article 28 of the Law on the Protection of Personal Information stipulates that sensitive personal information is personal information that, once leaked or illegally used, will easily lead to the violation of the personal dignity of natural persons or the harm to personal and property safety, including biometric identification, religious belief, specific identity, medical health, financial accounts, whereabouts and other information, as well as personal information of minors under the age of 14. Only when there is a specific purpose and sufficient necessity, and strict protection measures are taken, can the personal information processor handle sensitive personal information.

the law also stipulates that the handling of sensitive personal information shall be subject to the individual's separate consent. If laws and administrative regulations stipulate that the handling of sensitive personal information shall be subject to written consent, such provisions shall prevail.

Article 31 stipulates that a personal information processor shall obtain the consent of the parents or other guardians of minors when processing personal information of minors under the age of 14; When dealing with the personal information of minors under the age of fourteen, special rules for handling personal information shall be formulated.

violating the personal information protection law or being fined one million yuan

If the punishment is weak, the regulations will be "soft". What responsibilities will relevant organizations and individuals bear if they violate the personal information protection law? Ming Zi raised questions about this.

according to the relevant provisions of the personal information protection law, if the department performing the personal information protection duties finds that there is a great risk in personal information processing activities or personal information security incidents occur, it can interview the legal representative or principal responsible person of the personal information processor according to the prescribed authority and procedures, or ask the personal information processor to entrust a professional organization to conduct compliance audit on its personal information processing activities. For applications that illegally handle personal information, they shall be ordered to suspend or terminate the provision of services; Refuses to correct, and impose a fine of one million yuan; The directly responsible person in charge and other directly responsible personnel shall be fined between 1, yuan and 1, yuan.

the law also stipulates that if the processing of personal information infringes on the rights and interests of personal information, and the personal information processor cannot prove that he is not at fault,