The “Personal Information Protection Law of the People’s Republic of China” came into effect on November 1.
According to the data in the “Statement of the Calculation of the Development of the Internet in China”, as of June this year, China’s Internet users have reached 1.011 billion, with 4.22 million Internet websites, and 3.02 million applications. The collection and use of personal information has become increasingly widespread. The issue of personal information maintenance has become one of the most important interests of the society.
How does the implementation of the Personal Information Protection Law affect the Internet life? What are the support guarantees for the maintenance of personal information? The Cantonese “Ming Tsai” came out to speak, combined with his experience and circumstances, and compared the content of relevant laws and regulations, and shared a few key examples.
Anyone has to collect and use legally
Others’ personal information
On April 21 this year, Ming Tsai saw a report in the “Yangcheng Evening News”: From June 2020, Jiang, Wu, Peng, Wang, and Liu were in an apartment on Jianpeng Road, Guangzhou. Room A1115, with Jiang as the boss, buys 58.com.cn account from others. Liu and Wang use the above account to post a lot of false recruitment information on 58.com.com and collect personal information of applicants’ citizens. Wu and Peng sold the personal information of citizens collected by Liu and Wang to others for profit. After auditing, the total number of citizens’ personal information (including names and phone numbers) illegally obtained and sold by Jiang and others was 42,790.
He found that the People’s Court of Baiyun District of Guangzhou City made the judgment as follows: The court believed that the defendant Jiang Mou and other five persons violated national laws and regulations and illegally obtained and sold citizens’ personal information in a gang. The circumstances were serious and constituted a crime of aggression against citizens’ personal information. Among them, Jiang was the principal offender, and the other four were accomplices. The court sentenced Jiang to two years’ imprisonment and fined 30,000 yuan; the other defendants were sentenced to fixed-term imprisonment ranging from one year to two months to ten months and were fined.
■Legal rules Article 10 of the Personal Information Protection Law: Any organization or individual has to legally collect, use, process, and transmit other people’s personal information, and have to legally buy or sell, supply, or expose other people’s personal information; they must not engage in damage to national security or public interests. Of personal information processing activities.
Six scenarios for handling personal information
No need for personal approval
Ming Tsai’s friend opened a business and secretly operated illegally. Later, a media outlet exposed the company’s illegal activities and revealed the name of the company and the name, gender, and status of the company under the name of the legal representative (ie Mingzi’s friend) in the report. Mingzai’s friends believed that the media’s reports infringed on his legal rights to personal information. So, according to the Personal Information Protection Law, is the behavior of the media illegal?
■Legal rules Article 13 of the Personal Information Protection Law: Personal information processors can only process personal information if one of the following conditions is met-(1) to obtain the approval of the individual; (2) to establish and implement the individual as a party Necessary for contracts, perhaps necessary for the implementation of human resource management in accordance with labor regulations and collective contracts signed in accordance with the law; (3) Necessary for the implementation of statutory duties or statutory obligations; (4) To respond to public health emergencies, It may be necessary to maintain the life, health and property safety of natural persons in emergency situations; (5) To perform news reporting, public opinion supervision and other acts for the public interest, and to process personal information within a reasonable scale; Process personal information that has been disclosed by individuals or other legally disclosed personal information within a large scale; (7) Other scenes of laws, administrative regulations and rules. According to other relevant rules of this law, the handling of personal information shall be approved by the individual, but there is no need to obtain the approval of the individual if there are rules in items 2 to 7 of the preceding paragraph.
Personal information collector
Don’t excessively collect personal information
In the days, Mingzi downloaded many different types of apps. But he found that some APPs set the registration page to “disagree with its format clauses” and they cannot enter the “next step”. Mingzi stated that some of the rules in these format clauses are excessive and have nothing to do with the intention of using the APP, such as requiring users to authorize to view the address book, etc., and really don’t want to “agree”.
■Legal rules Article 6 of the Personal Information Protection Law: The processing of personal information should have a clear and reasonable intention, and should be directly related to the processing intention, and adopt methods that have the least impact on personal rights. The collection of personal information shall be limited to the smallest scale to achieve the processing intent, and personal information shall not be collected excessively.
Rule 16: Personal information processors shall not refuse to provide products or services on the grounds that individuals do not agree to the processing of their personal information or withdraw their approval; the processing of personal information belongs to what is necessary for the supply of products or services.
Not in terms of buying and selling prices, etc.
Impose unreasonable differential treatment
In recent years, Ming Tsai has frequently seen news related to “big data kills familiarity”. For example, Mingzi said that before this, Ms. Zhou, who lives in Beijing, planned to take her family to Hainan during the summer vacation. In order to save money, Ms. Zhou started to pay attention to flight status and price information through an online travel channel one month earlier. What she didn’t expect was that her meticulous planning was actually “stared” by channel big data.
“The first search for a ticket is the same price, and after a while, the price will increase.” Ms. Zhou stated that the final order fare was nearly 1,000 yuan higher than the first search, but a friend booked the same flight on the same day. The price is several hundred yuan lower than his own. Even considering factors such as price changes caused by air ticket margins, he was “obviously slaughtered by big data.”
■Legal rules Article 24 of the Personal Information Protection Law: Personal information processors who use personal information to make automated resolution plans shall ensure the transparency of the resolution plan and the fairness and fairness of the results, and shall not impose unreasonable trading conditions on individuals such as buying and selling prices. Differential treatment. Information push and commercial marketing to individuals through automated decision-making methods should also provide options that are not specific to their personal characteristics, and perhaps provide individuals with convenient methods of rejection. Individuals have the right to request personal information processors to clarify decisions made through automated resolution planning methods that have a serious impact on personal rights and interests, and have the right to reject personal information processors to make decisions only through automated resolution plans.
“Brushing face” in public places
Personal information collected
No other use
When Mingzai goes to work, he needs to “brush his face” to pass the gate of the building where the company is located. When he usually travels to some scenic spots, he is also asked to “brush his face” to identify him. He was very surprised: Are there any rules for the personal information protection law on the handling of personal “face” information in these public places?
■Legal rules Article 26 of the Personal Information Maintenance Law: The installation of image collection and personal identification equipment in public places shall be necessary to maintain public safety, abide by relevant national regulations, and set up prominent reminders. The personal images and identification information collected can only be used for the purpose of maintaining public safety and shall not be used for other purposes; those who have obtained the individual’s sole approval are outside.
Handling sensitive personal information
Individual approval should be obtained
Mingzai’s children go to kindergarten. He often sees hobby training organizations in the vicinity of the kindergarten to attract customers. Some hobby training organizations allow parents to register personal information and children’s identity information, etc., and send gifts just by registering. Mingzi thinks that the registered child information is too detailed and inappropriate.
■Legal rules Article 28 of the Personal Information Protection Law: Sensitive personal information is personal information that, once leaked, may be illegally used, which may easily lead to infringement of the personal dignity of natural persons or damage to personal and property safety, including biometrics, religious beliefs , Specific identities, medical health, financial accounts, track and other information, as well as personal information of minors under the age of fourteen. Personal information processors can only process sensitive personal information when they have specific intentions and sufficient necessity, and take strict maintenance measures.
The law also rules: the handling of sensitive personal information shall obtain the individual’s individual approval, and the handling of sensitive personal information by laws, administrative regulations and rules shall obtain written approval, according to its rules.
Rule 31: Personal information processors who process the personal information of minors under the age of fourteen shall obtain the approval of the minor’s parents or other guardians; for processing the personal information of minors under the age of fourteen, a special Personal information processing rules.
Violation of the Personal Information Protection Law
Or fined one million yuan
If the punishment is weak, the rules will be “soft.” If relevant organizations and individuals violate the Personal Information Protection Law, what responsibilities will they assume? Mingzi raised questions about this.
According to the relevant rules of the Personal Information Maintenance Law, if the part that implements personal information maintenance duties finds that personal information processing activities are dangerous or may cause personal information security incidents, the legal representative of the personal information processor can follow the authority and procedures of the rules Or the main person in charge conducts an interview, or requires the personal information processor to entrust a professional organization to conduct a compliance audit of its personal information processing activities. For applications that illegally process personal information, order to suspend or stop the provision of services; if they refuse to make corrections, a fine of less than one million yuan will be imposed; the directly in charge and other directly responsible personnel will be imposed between 10,000 yuan and less than 100,000 yuan fine.
The law also stipulates that if the processing of personal information infringes on the rights and interests of personal information and causes damages, and the personal information processor cannot prove that he is not at fault, he shall undertake the infringement duties such as compensation for damages. Any violation of the rules of this law shall be recorded in the credibility file in accordance with the rules of relevant laws and administrative regulations, and shall be publicized; where a violation of public security management is constituted, public security management penalties shall be imposed in accordance with the law, and if a crime is constituted, criminal duties shall be investigated in accordance with the law.
Text/Yangcheng Evening News reporter Dong Liu Comics/Yangcheng Evening News reporter He Ben and Mai Yuheng
文/羊城晚报记者 董柳 漫画/羊城晚报记者 何奔 麦宇恒