Large scale network platform service providers shall not impose unreasonable differential treatment on users; Promote independent operation of natural monopoly links and market-oriented reform of competitive links in the energy sector; Financial institutions should establish a customer due diligence system; Establishing special funds to cultivate young scientific and technological talents... Starting from January, laws and regulations such as the Energy Law of the People's Republic of China, the Anti Money Laundering Law of the People's Republic of China, the Regulations on Network Data Security Management, and the Regulations on the National Natural Science Foundation of China will be officially implemented, gathering the strength of the rule of law and promoting high-quality economic and social development. On September 24, 2024, the "Regulations on the Administration of Network Data Security" (hereinafter referred to as the "Regulations") were promulgated and will come into effect on January 1, 2025. The Regulations are based on laws such as the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law, focusing on network data, refining relevant regulations, improving network data security rules, and providing more operable legal guarantees for enhancing the modernization of the network data security governance system and capabilities, "said Shi Jianzhong, Vice President of China University of Political Science and Law. The Regulation focuses on refining the provisions of the Personal Information Protection Law of the People's Republic of China on notification, consent, and individual exercise of rights. Wang from Heilongjiang downloaded a short video mobile application. According to the Personal Information Protection Law, when logging in with a WeChat account, the application should apply for the following permissions: "Obtain user public information (nickname, avatar, region, and gender)" "Find friends who share the application with you", where the first option cannot be unchecked. This has infringed upon my rights, "Wang sued the company that owns the short video software to the court. After two trials, the court held that although information such as "region" and "gender" do not fall under the privacy provisions of the Civil Code, according to the Personal Information Protection Law, they still belong to personal information protected by law. There will be clearer criteria for judging such disputes in the future. The Regulation is based on the needs of the current development of the digital economy, and further refines the relevant personal information protection requirements according to specific scenarios on the basis of the basic principles and rules established by the Personal Information Protection Law. For example, in response to the problem of abuse of "personal consent" in practice, the Regulation clearly stipulates the specific requirements that network data processors should comply with when processing personal information based on personal consent, including collecting personal information necessary for providing products or services, not collecting it beyond the scope, and not obtaining personal consent through misleading, fraudulent, coercive and other means. How to establish an efficient, convenient, and secure mechanism for cross-border data flow is another important issue in the field of network data security. On the basis of summarizing the experience of formulating and implementing departmental regulations such as the Measures for Security Assessment of Data Export, the Measures for Standard Contracts for the Export of Personal Information, and the Regulations on Promoting and Regulating Cross border Data Flow, the Regulations further optimize the mechanism for cross-border data flow The person in charge of the Cyberspace Administration of China introduced that the "Regulations" clearly stipulate that the national cyberspace administration department shall coordinate with relevant departments to establish a special working mechanism for national data export security management, study and formulate relevant policies for national network data export security management, and stipulate the conditions under which network data processors can provide personal information to overseas. It is also clarified that data that has not been notified or publicly released by relevant regions or departments as important data does not need to be declared as important data for export security assessment. In addition, the Regulation also stipulates that the state shall take measures to prevent and deal with cross-border security risks and threats of network data. The person in charge of China Electronics Standardization Institute said that the Regulation has established a network data cross-border flow security supervision model that is compatible with the new development pattern. The Cybersecurity Law and the Data Security Law both mention "important data", and the Data Security Law also stipulates that each region and department should establish a specific directory of important data in their respective regions, departments, and related industries and fields according to the data classification and grading protection system, and focus on protecting the data listed in the directory. The Regulation provides special provisions for the security of important data. The important data specified in the Regulations refers to data in specific fields, groups, regions, or with a certain level of accuracy and scale that, once tampered with, destroyed, leaked, illegally obtained or utilized, may directly endanger national security, economic operation, social stability, public health and safety The person in charge of the Cyberspace Administration of China introduced that in order to ensure the security of important data, the "Regulations" clearly stipulate the requirements for the establishment of an important data directory, and stipulate the obligation of network data processors to identify and declare important data; Establish the responsibilities of the person in charge of network data security and the network data security management agency; Require a risk assessment before providing, entrusting, or jointly processing important data, and clarify the key assessment content; Require processors of important data to conduct annual risk assessments of their network data processing activities and clarify the content of the risk assessment report. (New Society)