Network data security management will usher in new regulations
2021-11-18
You can't use an app without granting authorization? Mandatory face recognition? What should enterprises pay attention to when listing abroad?
Facial data is sensitive personal information; once leaked, it can easily cause great harm to personal and property safety, and can even threaten public safety. Previously, however, some residential properties and business premises made face recognition the only way to verify access, and some mobile apps refused to let users use their basic functions because the users did not agree to provide unnecessary personal information. These problems are expected to be regulated.
Recently, the State Internet Information Office solicited public opinions on the Regulations on the Administration of Network Data Security (Draft for Comments) (hereinafter referred to as the draft for comments). The deadline for feedback is December 13, 2021.
In July this year, Mr. Zhang, a homeowner in Suzhou, received a notice from the property management company of his building saying that the access control system would be changed to face recognition. Owners were required to enter their information; otherwise they could not enter the community. After Mr. Zhang sued the property company in court, the company finally agreed to add a card-swiping function to the access control system.
In this regard, the draft for comments proposes that data processors that use biometrics for personal identity authentication should conduct a risk assessment of the necessity and security of doing so, and shall not use biometrics such as face, gait, fingerprint, iris and voiceprint as the only means of personal identity authentication in order to force individuals to consent to the collection of their personal biometric information.
In response to the prominent problem that some apps cannot be used unless the user grants authorization, the draft for comments proposes that a data processor shall not refuse to provide services, or interfere with the normal use of services, because an individual refuses to provide information other than the personal information necessary for those services.
The reporter previously found in interviews that some users reported difficulty cancelling their internet accounts, and that they did not know where their personal information was stored or whether it would be deleted after cancellation. The draft for comments makes it clear that if a user asks to terminate the service or cancel his account, the data processor shall delete his personal information or anonymize it within 15 working days. If deleting the personal information is technically difficult, or it is genuinely difficult to delete it within 15 working days because of complex business or other reasons, the data processor shall not carry out any processing other than storing the information and taking the necessary security protection measures, and shall give the individual a reasonable explanation.
On the much-discussed issue of data leaving the country ("data exit"), the draft for comments proposes that a data processor that genuinely needs to provide data outside the People's Republic of China for business reasons shall pass the data exit security assessment organized by the national network information department, that both the data processor and the data receiver shall pass the personal information protection certification conducted by a professional organization recognized by the national network information department, and that relevant log records and data exit approval records shall be kept for more than 3 years.
So, what problems should enterprises pay attention to when listing abroad?
The draft for comments specifies that data processors should apply for a network security review, in accordance with relevant national regulations, when carrying out the following activities: a merger, restructuring or separation of Internet platform operators that have gathered and hold a large amount of data resources related to national security, economic development and public interests, where this affects or may affect national security; an overseas listing by a data processor handling the personal information of more than 1 million people; a listing in Hong Kong by a data processor, where this affects or may affect national security; and so on. Large Internet platform operators that set up headquarters, operation centers and R&D centers abroad shall also report to the national network information department and the competent department.
In addition, the draft stipulates how Internet platform operators are to regulate their use of data. It proposes that Internet platform operators shall not use data and platform rules to engage in the following activities: using user data collected and held by the platform to apply, without justifiable reasons, differentiated pricing of products and services to users with the same trading conditions, or to commit other acts that damage the legitimate interests of users; using operator data collected by the platform to carry out lowest-price sales and other behaviors in product promotion that damage fair competition; using data to mislead, cheat and coerce users, undermining users' right to decide how their data is processed, and processing user data against users' wishes; and setting unreasonable restrictions and obstacles in platform rules, algorithms, technology and traffic distribution that restrict small and medium-sized enterprises on the platform from fair access to the industry and market data generated by the platform, and that hinder market innovation.
(Reporter: Yang Zhaokui) (Outlook New Era)
Edit: Luo yu  Responsible editor: Wang er dong
Source: Workers' Daily