《中华人民共和国个人信息维护法》11月1日起施行,这是一部全面标准个人信息维护、充沛回应社会关切的法令。
The "Personal Information Protection Law of the People's Republic of China" came into effect on November 1.
According to the data in the "Statement of the Calculation of the Development of the Internet in China", as of June this year, China's Internet users have reached 1.011 billion, with 4.22 million Internet websites, and 3.02 million applications. The collection and use of personal information has become increasingly widespread. The issue of personal information maintenance has become one of the most important interests of the society.
How does the implementation of the Personal Information Protection Law affect the Internet life? What are the support guarantees for the maintenance of personal information? The Cantonese "Ming Tsai" came out to speak, combined with his experience and circumstances, and compared the content of relevant laws and regulations, and shared a few key examples.
A
Anyone has to collect and use legally
Others' personal information
On April 21 this year, Ming Tsai saw a report in the "Yangcheng Evening News": From June 2020, Jiang, Wu, Peng, Wang, and Liu were in an apartment on Jianpeng Road, Guangzhou. Room A1115, with Jiang as the boss, buys 58.com.cn account from others. Liu and Wang use the above account to post a lot of false recruitment information on 58.com.com and collect personal information of applicants’ citizens. Wu and Peng sold the personal information of citizens collected by Liu and Wang to others for profit. After auditing, the total number of citizens' personal information (including names and phone numbers) illegally obtained and sold by Jiang and others was 42,790.
He found that the People’s Court of Baiyun District of Guangzhou City made the judgment as follows: The court believed that the defendant Jiang Mou and other five persons violated national laws and regulations and illegally obtained and sold citizens’ personal information in a gang. The circumstances were serious and constituted a crime of aggression against citizens’ personal information. Among them, Jiang was the principal offender, and the other four were accomplices. The court sentenced Jiang to two years’ imprisonment and fined 30,000 yuan; the other defendants were sentenced to fixed-term imprisonment ranging from one year to two months to ten months and were fined.
■Legal rules Article 10 of the Personal Information Protection Law: Any organization or individual has to legally collect, use, process, and transmit other people’s personal information, and have to legally buy or sell, supply, or expose other people’s personal information; they must not engage in damage to national security or public interests. Of personal information processing activities.
B
Six scenarios for handling personal information
No need for personal approval
Ming Tsai's friend opened a business and secretly operated illegally. Later, a media outlet exposed the company's illegal activities and revealed the name of the company and the name, gender, and status of the company under the name of the legal representative (ie Mingzi's friend) in the report. Mingzai’s friends believed that the media’s reports infringed on his legal rights to personal information. So, according to the Personal Information Protection Law, is the behavior of the media illegal?
■Legal rules Article 13 of the Personal Information Protection Law: Personal information processors can only process personal information if one of the following conditions is met-(1) to obtain the approval of the individual; (2) to establish and implement the individual as a party Necessary for contracts, perhaps necessary for the implementation of human resource management in accordance with labor regulations and collective contracts signed in accordance with the law; (3) Necessary for the implementation of statutory duties or statutory obligations; (4) To respond to public health emergencies, It may be necessary to maintain the life, health and property safety of natural persons in emergency situations; (5) To perform news reporting, public opinion supervision and other acts for the public interest, and to process personal information within a reasonable scale; Process personal information that has been disclosed by individuals or other legally disclosed personal information within a large scale; (7) Other scenes of laws, administrative regulations and rules. According to other relevant rules of this law, the handling of personal information shall be approved by the individual, but there is no need to obtain the approval of the individual if there are rules in items 2 to 7 of the preceding paragraph.
C
Personal information collector
Don't excessively collect personal information
In the days, Mingzi downloaded many different types of apps. But he found that some APPs set the registration page to "disagree with its format clauses" and they cannot enter the "next step". Mingzi stated that some of the rules in these format clauses are excessive and have nothing to do with the intention of using the APP, such as requiring users to authorize to view the address book, etc., and really don't want to "agree".
■Legal rules Article 6 of the Personal Information Protection Law: The processing of personal information should have a clear and reasonable intention, and should be directly related to the processing intention, and adopt methods that have the least impact on personal rights. The collection of personal information shall be limited to the smallest scale to achieve the processing intent, and personal information shall not be collected excessively.
Rule 16: Personal information processors shall not refuse to provide products or services on the grounds that individuals do not agree to the processing of their personal information or withdraw their approval; the processing of personal information belongs to what is necessary for the supply of products or services.
D
Not in terms of buying and selling prices, etc.
Impose unreasonable differential treatment
In recent years, Ming Tsai has frequently seen news related to "big data kills familiarity". For example, Mingzi said that before this, Ms. Zhou, who lives in Beijing, planned to take her family to Hainan during the summer vacation. In order to save money, Ms. Zhou started to pay attention to flight status and price information through an online travel channel one month earlier. What she didn't expect was that her meticulous planning was actually "stared" by channel big data.
"The first search for a ticket is the same price, and after a while, the price will increase." Ms. Zhou stated that the final order fare was nearly 1,000 yuan higher than the first search, but a friend booked the same flight on the same day. The price is several hundred yuan lower than his own. Even considering factors such as price changes caused by air ticket margins, he was "obviously slaughtered by big data."
■Legal rules Article 24 of the Personal Information Protection Law: Personal information processors who use personal information to make automated resolution plans shall ensure the transparency of the resolution plan and the fairness and fairness of the results, and shall not impose unreasonable trading conditions on individuals such as buying and selling prices. Differential treatment. Information push and commercial marketing to individuals through automated decision-making methods should also provide options that are not specific to their personal characteristics, and perhaps provide individuals with convenient methods of rejection. Individuals have the right to request personal information processors to clarify decisions made through automated resolution planning methods that have a serious impact on personal rights and interests, and have the right to reject personal information processors to make decisions only through automated resolution plans.
E
"Brushing face" in public places
Personal information collected
No other use
When Mingzai goes to work, he needs to "brush his face" to pass the gate of the building where the company is located. When he usually travels to some scenic spots, he is also asked to "brush his face" to identify him. He was very surprised: Are there any rules for the personal information protection law on the handling of personal "face" information in these public places?
■Legal rules Article 26 of the Personal Information Maintenance Law: The installation of image collection and personal identification equipment in public places shall be necessary to maintain public safety, abide by relevant national regulations, and set up prominent reminders. The personal images and identification information collected can only be used for the purpose of maintaining public safety and shall not be used for other purposes; those who have obtained the individual's sole approval are outside.
F
Handling sensitive personal information
Individual approval should be obtained
Mingzai’s children go to kindergarten. He often sees hobby training organizations in the vicinity of the kindergarten to attract customers. Some hobby training organizations allow parents to register personal information and children’s identity information, etc., and send gifts just by registering. Mingzi thinks that the registered child information is too detailed and inappropriate.
■Legal rules Article 28 of the Personal Information Protection Law: Sensitive personal information is personal information that, once leaked, may be illegally used, which may easily lead to infringement of the personal dignity of natural persons or damage to personal and property safety, including biometrics, religious beliefs , Specific identities, medical health, financial accounts, track and other information, as well as personal information of minors under the age of fourteen. Personal information processors can only process sensitive personal information when they have specific intentions and sufficient necessity, and take strict maintenance measures.
The law also rules: the handling of sensitive personal information shall obtain the individual's individual approval, and the handling of sensitive personal information by laws, administrative regulations and rules shall obtain written approval, according to its rules.
Rule 31: Personal information processors who process the personal information of minors under the age of fourteen shall obtain the approval of the minor’s parents or other guardians; for processing the personal information of minors under the age of fourteen, a special Personal information processing rules.
Voiceover
Violation of the Personal Information Protection Law
Or fined one million yuan
If the punishment is weak, the rules will be "soft." If relevant organizations and individuals violate the Personal Information Protection Law, what responsibilities will they assume? Mingzi raised questions about this.
According to the relevant rules of the Personal Information Maintenance Law, if the part that implements personal information maintenance duties finds that personal information processing activities are dangerous or may cause personal information security incidents, the legal representative of the personal information processor can follow the authority and procedures of the rules Or the main person in charge conducts an interview, or requires the personal information processor to entrust a professional organization to conduct a compliance audit of its personal information processing activities. For applications that illegally process personal information, order to suspend or stop the provision of services; if they refuse to make corrections, a fine of less than one million yuan will be imposed; the directly in charge and other directly responsible personnel will be imposed between 10,000 yuan and less than 100,000 yuan fine.
The law also stipulates that if the processing of personal information infringes on the rights and interests of personal information and causes damages, and the personal information processor cannot prove that he is not at fault, he shall undertake the infringement duties such as compensation for damages. Any violation of the rules of this law shall be recorded in the credibility file in accordance with the rules of relevant laws and administrative regulations, and shall be publicized; where a violation of public security management is constituted, public security management penalties shall be imposed in accordance with the law, and if a crime is constituted, criminal duties shall be investigated in accordance with the law.
Text/Yangcheng Evening News reporter Dong Liu Comics/Yangcheng Evening News reporter He Ben and Mai Yuheng
据《中国互联网络开展情况计算陈述》的数据显现,截至本年6月,我国互联网用户已达10.11亿,互联网网站422万个,应用程序数量302万款,个人信息的搜集、运用日趋广泛,个人信息维护问题成为社会最为重视的利益问题之一。
个人信息维护法的施行,对网络日子有怎样的影响?对个人信息维护有哪些支持保证?广东人“明仔”现身说法,结合他的经历和境遇,对照相关法条内容,分享了几个要点事例。
A
任何人不得不合法搜集运用
别人个人信息
本年4月21日,明仔在《羊城晚报》上看到一则报导:从2020年6月起,蒋某、巫某、彭某、王某、刘某在广州市尖彭路某公寓A1115房,由蒋某担任老板,向别人购买58同城网站的账号,由刘某、王某运用上述账号在58同城网站上发布很多虚假招聘信息搜集应聘者的公民个人信息,再由蒋某、巫某、彭某将刘某、王某二人所搜集的公民个人信息贩卖给别人牟利。经审计,蒋某等人不合法获取、销售的公民个人信息(含姓名和电话号码)数量合计42790条。
他发现,广州市白云区人民法院是这样判的:法院以为,被告人蒋某等五人违背国家法令规则,结伙不合法获取、出售公民个人信息,情节严重,已构成侵略公民个人信息罪,其中蒋某是主犯,其他四人系从犯。法院依法判处蒋某有期徒刑二年,并处罚金三万元;其他被告人有期徒刑一年二个月至十个月不等,并处罚金。
■法令规则 个人信息维护法第10条规则:任何组织、个人不得不合法搜集、运用、加工、传输别人个人信息,不得不合法买卖、供给或许揭露别人个人信息;不得从事损害国家安全、公共利益的个人信息处理活动。
B
六种景象处理个人信息
不需获得个人赞同
明仔的朋友开了一家企业,偷偷摸摸进行违法经营。后来,一家媒体曝光该企业的违法行为,在报导中揭露了企业名称以及法定代表人(即明仔的朋友)姓名、性别、名下开办企业情况。明仔的朋友以为,媒体的报导侵略了其个人信息合法权利。那么,依据个人信息维护法,媒体的行为是否违规?
■法令规则 个人信息维护法第13条规则:符合下列景象之一的,个人信息处理者方可处理个人信息——(一)获得个人的赞同;(二)为订立、实施个人作为一方当事人的合同所必需,或许按照依法拟定的劳作规章制度和依法签定的集体合同施行人力资源管理所必需;(三)为实施法定职责或许法定义务所必需;(四)为应对突发公共卫生事件,或许紧急情况下为维护自然人的生命健康和财产安全所必需;(五)为公共利益施行新闻报导、舆论监督等行为,在合理的规模内处理个人信息;(六)按照本法规则在合理的规模内处理个人自行揭露或许其他已经合法揭露的个人信息;(七)法令、行政法规规则的其他景象。按照本法其他有关规则,处理个人信息应当获得个人赞同,但是有前款第二项至第七项规则景象的,不需获得个人赞同。
C
个人信息搜集者
不得过度搜集个人信息
日子中,明仔下载了很多不同类型的APP。但他发现,有的APP在注册页面设置成“不赞同其格式条款”就无法进入“下一步”。明仔表明,这些格式条款中有些规则很过火,且与其运用APP的意图无关,比如要求用户授权查看通讯录等,实在不想“赞同”。
■法令规则 个人信息维护法第6条规则:处理个人信息应当具有明确、合理的意图,并应当与处理意图直接相关,采取对个人权益影响最小的方法。搜集个人信息,应当限于实现处理意图的最小规模,不得过度搜集个人信息。
第16条规则:个人信息处理者不得以个人不赞同处理其个人信息或许撤回赞同为由,回绝供给产品或许服务;处理个人信息归于供给产品或许服务所必需的在外。
D
不得在买卖价格等方面
实施不合理的差别待遇
近年来,明仔频频看到“大数据杀熟”的相关新闻。明仔举例说,此前,家住北京的周女士暑假预备带家人到海南旅行。为节省开支,周女士提早一个月开端经过某在线旅游渠道重视航班动态和价格信息。令她没想到的是,自己的精心策划居然被渠道大数据“盯”上了。
“机票第一次搜是一个价格,过一段时间再搜价格就涨了。”周女士表明,最后订单票价比初次查找票价高了近1000元,但朋友在同一天订到的同航班价格却比自己低几百元。即便考虑机票余量导致价格变动等因素,自己“明显也是被大数据狠狠‘宰’了一刀”。
■法令规则 个人信息维护法第24条规则:个人信息处理者利用个人信息进行自动化决议计划,应当保证决议计划的透明度和成果公平、公平,不得对个人在买卖价格等买卖条件上实施不合理的差别待遇。经过自动化决议计划方法向个人进行信息推送、商业营销,应当同时供给不针对其个人特征的选项,或许向个人供给便捷的回绝方法。经过自动化决议计划方法作出对个人权益有严重影响的决定,个人有权要求个人信息处理者予以阐明,并有权回绝个人信息处理者仅经过自动化决议计划的方法作出决定。
E
公共场所“刷脸”
搜集的个人信息
不得另作他用
明仔上班时,需要“刷脸”才能经过公司所在大厦的闸口。平常旅游一些景点时,他也被要求“刷脸”辨认。他很奇怪:个人信息维护法对这些公共场所个人“人脸”信息的处理有没有规则?
■法令规则 个人信息维护法第26条规则:在公共场所安装图像收集、个人身份辨认设备,应当为维护公共安全所必需,恪守国家有关规则,并设置显著的提示标识。所搜集的个人图像、身份辨认信息只能用于维护公共安全的意图,不得用于其他意图;获得个人独自赞同的在外。
F
处理灵敏个人信息
应获得个人独自赞同
明仔的孩子在上幼儿园,他经常在幼儿园邻近看到一些爱好训练组织吸引顾客,有的爱好训练组织让爸爸妈妈登记个人信息以及小孩的身份信息等,只需登记就送礼品。明仔以为,登记小孩信息过于详细,不妥。
■法令规则 个人信息维护法第28条规则:灵敏个人信息是一旦泄露或许不合法运用,容易导致自然人的人格尊严遭到侵害或许人身、财产安全遭到损害的个人信息,包含生物辨认、宗教信仰、特定身份、医疗健康、金融账户、行迹轨道等信息,以及不满十四周岁未成年人的个人信息。只有在具有特定的意图和充沛的必要性,并采取严厉维护措施的景象下,个人信息处理者方可处理灵敏个人信息。
该法还规则:处理灵敏个人信息应当获得个人的独自赞同,法令、行政法规规则处理灵敏个人信息应当获得书面赞同的,从其规则。
第31条规则:个人信息处理者处理不满十四周岁未成年人个人信息的,应当获得未成年人的爸爸妈妈或许其他监护人的赞同;处理不满十四周岁未成年人个人信息的,应当拟定专门的个人信息处理规则。
画外音
违背个人信息维护法
或被罚一百万元
假如处罚无力度,规则也会“软绵绵”。有关组织和个人假如违背个人信息维护法,将承当哪些职责?明仔对此提出了疑问。
根据个人信息维护法的相关规则,实施个人信息维护职责的部分发现个人信息处理活动存在较大危险或许产生个人信息安全事件的,能够按照规则的权限和程序对该个人信息处理者的法定代表人或主要担任人进行约谈,或要求个人信息处理者委托专业组织对其个人信息处理活动进行合规审计。对违法处理个人信息的应用程序,责令暂停或许停止供给服务;拒不改正的,并处一百万元以下罚款;对直接担任的主管人员和其他直接职责人员处一万元以上十万元以下罚款。
该法还规则,处理个人信息侵害个人信息权益造成损害,个人信息处理者不能证明自己没有过错的,应当承当损害赔偿等侵权职责。有本法规则的违法行为的,按照有关法令、行政法规的规则记入信誉档案,并予以公示;构成违背治安管理行为的,依法给予治安管理处罚,构成犯罪的,依法追究刑事职责。
文/羊城晚报记者 董柳 漫画/羊城晚报记者 何奔 麦宇恒
