How to bid farewell to personal information streaking from paper to reality
2021-11-09
Since November 1, the personal information protection law, which has attracted much attention, has been officially implemented. In the network information age, there is a lot of chaos in the field of personal information protection. Some enterprises, institutions and even individuals collect, illegally obtain, overuse, illegally trade personal information at will, invade the people's peace of life and endanger the people's life, health and property safety. Personal information protection has become the most concerned, direct and realistic interest issue of the broad masses of the people. The introduction of a special personal information protection law has also become the strongest legislative voice of all sectors of society in recent years. How to protect personal information, how to build a strong legal deterrent, and how to effectively curb violations of laws and regulations against personal information rights and interests are urgent problems to be solved in legislation. After three deliberations, on August 20, the 30th meeting of the Standing Committee of the 13th National People's Congress voted to adopt the personal information protection law. As a basic special law in the field of personal information protection, the personal information protection law is woven into a personal information protection network together with civil code, data security law, e-commerce law and other laws. It is worth mentioning that under the background of the gradual improvement of personal information security awareness in the whole society, although the broad masses of the people have always maintained high enthusiasm for personal information protection, they also generally lack relevant scientific and legal knowledge. The personal information protection law has really changed from a paper legal provision to a sharp tool for safeguarding rights in the hands, which is not achieved overnight. Distinguish between sensitive and non sensitive information For ordinary people, which personal information is protected by the personal information protection law, especially which personal information will be specially protected by the law, is undoubtedly the problem that should be understood most. A highlight of the personal information protection law is that for the first time, personal information is divided into sensitive and non sensitive by law, and "sensitive personal information" is defined as "personal information that is easy to infringe the personal dignity of natural persons or endanger the safety of personal and property once leaked or illegally used", At the same time, the processing of sensitive personal information shall be specially and more strictly regulated. According to the provisions of the personal information protection law, biometrics, religious beliefs, specific identities, medical and health care, financial accounts, whereabouts and personal information of minors under the age of 14 are classified as "sensitive" personal information. Sensitive personal information will be more strictly protected than other personal information. Turning to why we should provide special legal protection for sensitive personal information, Cheng Xiao, vice president of the school of law of Tsinghua University, pointed out that, on the one hand, sensitive personal information is closely related to natural persons' basic rights such as human dignity and personal freedom and major personal and property rights and interests. Whether such information is processed legally or illegally, there will be significant risks and even direct damage. For example, by mastering biometric information such as natural person's genes, fingerprints, voiceprints, palmprints and facial features, a specific natural person can be permanently identified. If the processor digs hollow thinking about how to use this information to seek benefits, the possible risks to individuals will be difficult to predict and control. On the other hand, in the network information age, it is obviously impossible to completely prohibit the use of personal information. How to delimit the boundary between protection and rational use has become the core of the problem. The distinction between sensitive and non sensitive is helpful to delimit this boundary more scientifically. In addition, it is necessary for natural persons, personal information processors and relevant functional departments to distinguish and clearly list sensitive personal information. "This distinction can enable natural persons to be more fully aware of the importance of sensitive personal information, take more effective self-protection actions and be more cautious. Once illegal acts are found, they can report them in time. It can also reduce the compliance cost for personal information processors to fulfill their obligations and improve the predictability of the legitimacy of processing acts. Functional departments can also concentrate resources for accurate analysis Effective law enforcement activities to improve law enforcement efficiency, "Cheng Xiao said. The disclosure of sensitive information does great harm The core feature of sensitive personal information is sensitivity. "This kind of sensitivity refers to the ease of infringing or endangering the consequences." Cheng Xiao said that there are two kinds of consequences of infringing or endangering sensitive personal information. One is the infringement of human dignity. For example, divulging personal information such as race, nationality, political views, sexual orientation and disease, or illegally using these personal information will make individuals suffer discrimination or unfair treatment, which is an infringement on human dignity. Second, the personal and property safety of natural persons is endangered. For example, divulging a person's whereabouts and being known by criminals leads to the murder of the victim; The disclosure of bank account information leads to the theft of bank funds, etc. It is particularly noteworthy that face recognition, as a kind of sensitive personal information, once leaked, is easy to cause great harm to personal and property safety, and may also threaten public safety. Therefore, its collection and use have been widely concerned. Article 26 of the personal information protection law stipulates that the installation of image acquisition and personal identification equipment in public places shall be necessary to maintain public safety, comply with the relevant provisions of the state, and set up prominent prompt signs. The collected personal images and identification information can only be used for the purpose of maintaining public security and shall not be used for other purposes; Except with individual consent. It is reported that at present, in addition to the anti-terrorism law, there are still no corresponding laws and regulations for the installation of image acquisition and personal identification equipment in public places. Only a few local governments have formulated government regulations, such as the measures for the administration of Beijing public security image information system implemented on April 1, 2007 and the measures for the administration of Beijing public security image information system implemented on August 1, 2011 Measures of Shaanxi Province for the administration of public security image information system, etc. However, these local government regulations were promulgated earlier and can not meet the practical requirements. In view of this, Cheng Xiao suggested that after the implementation of the personal information protection law, the relevant laws and regulations of public safety video image system should be improved from the top-level design level as soon as possible, so as to better coordinate the maintenance of public safety and the protection of personal information. Take the initiative to take up legal weapons to protect rights So, as the obligee of personal information, what can I do to effectively protect my personal information, especially sensitive information? China Consumer Association recently gave five "reminders": We should actively study the personal information protection law and other legal provisions, including understanding the processing rules of personal information and sensitive personal information, their own rights, the obligations that personal information processors should undertake, and the relief methods when personal information rights and interests are infringed. We should form the good habit of "not providing personal information when it is not necessary". In addition to carefully reading the terms of the privacy agreement, we should also consider the sufficiency of the reasons for handling personal information and the necessity of providing personal information, and provide personal information or authorization only when it is really necessary. Keep track of the personal information authorized or provided by yourself. If you do not agree to continue processing your personal information, you should actively exercise the right to "withdraw your consent" and ask the other party to stop processing or delete its personal information in time. Pay attention to destroying the documents and data with personal information to prevent personal information disclosure due to random discarding and improper use. For example, properly handle the documents and data with personal information such as non desensitized express documents, which should be destroyed in time after use, or discard after smearing out the key information; it is recommended to dispose of some electronic data with personal sensitive information, such as certificates and photos Delete after use or store in encrypted mode. We should take the initiative to take up legal weapons to safeguard our legitimate rights and interests. When our personal information rights and interests are infringed or illegal processing of personal information is found, we should take the initiative to complain and report, provide case clues and relevant vouchers, and safeguard our legitimate rights and interests. Where is the stock of personal information With the implementation of the personal information protection law, there is another problem worthy of attention, that is, where to go with the stock of personal information. The so-called stock personal information refers to all kinds of personal information collected and stored by personal information processors before the implementation of the personal information protection law. Among them, some personal information processors may collect and store a large amount of personal information including sensitive personal information in a way that does not comply with the provisions of the law. Due to the continuity of personal information processing behavior, after the implementation of the personal information protection law, these personal information may continue to be used in practice. "This processing behavior should be regulated by law in time." Zhang Xinbao, Professor of Law School of Renmin University of China, pointed out that due to the lack of clear legal and policy guidance, improving the legal and compliance governance of stock personal information is an urgent problem to be solved after the implementation of the personal information protection law. In Zhang Xinbao's view, if there are violations of laws and regulations in the processing of stock personal information, how to determine the nature of the behavior needs to be determined in judicial policy. He advocates that the date of the formal implementation of the personal information protection law should be used as the time node to distinguish between the pre implementation and post implementation situations. Zhang Xinbao suggested the introduction of relevant regulations or judicial interpretations to make clear provisions on this issue. "If the processing activities of personal information processors fail to meet the standardized standards stipulated in the personal information protection law, the relevant functional departments shall order them to make corrections or obtain supplementary consent, or order them not to process other than storage and taking necessary security protection measures." (Xinhua News Agency)
Edit:Ming Wu Responsible editor:Haoxuan Qi
Source:legaldaily.com.cn
Special statement: if the pictures and texts reproduced or quoted on this site infringe your legitimate rights and interests, please contact this site, and this site will correct and delete them in time. For copyright issues and website cooperation, please contact through outlook new era email:lwxsd@liaowanghn.com