The Personal Information Protection Law of the People's Republic of China, which came into effect on November 1, is a law that comprehensively regulates the protection of personal information and fully responds to social concerns.
According to the data of the "Statistical Report on the Development of China's Internet Network", as of June this year, China's Internet users have reached 1.011 billion, 4.22 million Internet websites, 3.02 million applications, the collection and use of personal information is becoming more and more extensive, and the protection of personal information has become one of the most concerned interest issues in society.
How does the implementation of the Personal Information Protection Law affect online life? What are the support guarantees for the protection of personal information? Guangdong "Ming Zai" appeared and said, combined with his experience and situation, compared with the content of relevant laws, shared several key cases.
A
No one shall illegally collect and use it
Personal Information of Others
On April 21 this year, Ming Zai saw a report in the Yangcheng Evening News: From June 2020, Jiang, Wu, Peng, Wang, and Liu were in room A1115 of an apartment on Jianpeng Road in Guangzhou, with Jiang as the boss, buying an account number from others on the 58.com website, and Liu and Wang used the above accounts to publish a large number of false recruitment information on the 58.com website to collect the personal information of the applicants, and then Jiang, Wu, and Peng would be Liu, The citizens' personal information collected by Wang and Wang was sold to others for profit. After auditing, the number of citizens' personal information (including names and telephone numbers) illegally obtained and sold by Jiang and others totaled 42,790.
He found that the Baiyun District People's Court of Guangzhou City made a judgment as follows: The court held that the defendant Jiang X and five other people violated state laws and regulations by ganging up to illegally obtain and sell citizens' personal information, the circumstances were serious, and it constituted the crime of infringing on citizens' personal information, of which Jiang X was the main offender and the other four were accessories. The court sentenced Jiang to two years' imprisonment and a fine of 30,000 yuan in accordance with law; the remaining defendants were sentenced to fixed-term imprisonment ranging from one year, two months to ten months, and fined.
Article 10 of the Personal Information Protection Law stipulates that no organization or individual may illegally collect, use, process, or transmit the personal information of others, shall not illegally buy, sell, provide, or disclose the personal information of others, and shall not engage in personal information processing activities that endanger national security or the public interest.
B
Handling of personal information in six situations
No personal consent is required
Mingzai's friend opened a business and secretly carried out illegal business. Later, a media outlet exposed the illegal conduct of the enterprise, and in the report, the name of the enterprise and the name, gender, and establishment of the business under the name of the legal representative (that is, Mingzai's friend) were disclosed. Mingzai's friends believe that the media report violates his legal right to personal information. So, under the Personal Information Protection Act, is the media acting in violation of the law?
Article 13 of the Personal Information Protection Law stipulates that the processor of personal information may process personal information in any of the following circumstances: (1) obtain the consent of the individual; (2) necessary for the conclusion and performance of the contract of the individual as a party, or necessary for the implementation of human resources management in accordance with the labor rules and regulations formulated in accordance with the law and the collective contract signed in accordance with the law; (3) necessary for the performance of statutory duties or legal obligations; (4) in response to public health emergencies, Or in emergency situations, it is necessary to protect the life, health, and property safety of natural persons; (5) carry out news reporting, public opinion supervision, and other such conduct for the public interest, and handle personal information within a reasonable range; (6) handle personal information that is self-disclosed or otherwise lawfully disclosed within a reasonable range in accordance with the provisions of this Law; (7) other circumstances provided for by laws and administrative regulations. In accordance with other relevant provisions of this Law, individual consent shall be obtained for the handling of personal information, but where there are circumstances provided for in items 2 to 7 of the preceding paragraph, individual consent is not required.
C
Personal Information Collectors
Personal information must not be collected excessively
In life, Mingzai downloaded many different types of apps. But he found that some apps set the registration page to "do not agree with their standard terms" and could not enter the "next step". Ming Zai said that some of the provisions in these standard terms are excessive and have nothing to do with the purpose of using the APP, such as requiring users to authorize the view of the address book, etc., and really do not want to "agree".
Article 6 of the Personal Information Protection Law stipulates that the handling of personal information shall have a clear and reasonable purpose, and shall be directly related to the purpose of processing, and shall be adopted in a manner that has the least impact on the rights and interests of individuals. The collection of personal information shall be limited to the minimum scope for the purpose of processing, and personal information must not be collected excessively.
Article 16 stipulates that a personal information processor shall not refuse to provide products or services on the grounds that the individual does not agree to the processing of his or her personal information or withdraws his or her consent, unless the processing of personal information is necessary to provide the product or service.
D
Not in terms of transaction price, etc
Unreasonable differential treatment is introduced
In recent years, Ming Tsai has frequently seen news related to "big data killing". For example, Mingzai said that previously, Ms. Zhou, who lives in Beijing, was preparing to take her family to Hainan during the summer vacation. In order to save money, Ms. Zhou began to pay attention to flight dynamics and price information through an online travel platform a month in advance. What she did not expect was that her careful planning was actually "targeted" by the big data of the platform.
"The first search for a ticket is a price, and after a while the search price will rise." Ms. Zhou said that the fare of the last order was nearly 1,000 yuan higher than the initial search fare, but the price of the same flight booked by a friend on the same day was several hundred yuan lower than her own. Even considering factors such as price changes caused by the balance of tickets, I "obviously have been 'slaughtered' by big data."
Article 24 of the Personal Information Protection Law stipulates that personal information processors who use personal information to make automated decisions shall ensure the transparency of the decision-making and the fairness and impartiality of the results, and shall not discriminate between individuals in terms of transaction prices and other transaction conditions. Information pushing and commercial marketing to individuals through automated decision-making methods shall also provide options that are not specific to their personal characteristics, or provide individuals with convenient ways to refuse. Individuals have the right to request explanations from personal information processors and to refuse that personal information processors make decisions that are made only through automated decision-making.
And
"Brush your face" in public places
Personal Information Collected
No other use shall be permitted
When Mingzai goes to work, he needs to "brush his face" to pass through the floodgates of the building where the company is located. When visiting some attractions, he is also asked to "brush his face" for identification. He wondered: Does the Personal Information Protection Law provide for the handling of personal "face" information in these public places?
Article 26 of the Personal Information Protection Law stipulates that the installation of image collection and personal identification equipment in public places shall be necessary for maintaining public safety, comply with relevant national regulations, and set up conspicuous prompt signs. Personal images and identification information collected may only be used for the purpose of maintaining public safety and shall not be used for other purposes, except where the individual's separate consent is obtained.
F
Handling of Sensitive Personal Information
Individual consent should be obtained
Mingzai's children are in kindergarten, he often sees some interest training institutions near the kindergarten to attract customers, some interest training institutions let parents register personal information and children's identity information, etc., as long as the registration will send gifts. Ming Tsai believes that the information of registering children is too detailed and inappropriate.
■ Legal provisions Article 28 of the Personal Information Protection Law stipulates that sensitive personal information is personal information that, once leaked or illegally used, is personal information that is likely to cause the personal dignity of natural persons to be infringed or the safety of persons and property to be endangered, including information such as biometrics, religious beliefs, specific identities, medical health, financial accounts, whereabouts, and personal information of minors under the age of 14. The processor of personal information may only process sensitive personal information if there is a specific purpose and sufficient necessity, and strict protection measures are in place.
The Law also stipulates that the individual's separate consent shall be obtained for the handling of sensitive personal information, and where laws or administrative regulations provide that written consent shall be obtained for the handling of sensitive personal information, follow those provisions.
Article 31 provides: Where personal information processors handle the personal information of minors under the age of 14, they shall obtain the consent of the minor's parents or other guardians; where handling the personal information of minors under the age of 14, special rules for handling personal information shall be formulated.
voice-over
Violation of the Personal Information Protection Act
Or be fined a million dollars
If the punishment is not strong, the regulations will also be "soft". What are the responsibilities of organizations and individuals who violate the Personal Information Protection Act? Ming Tsai questioned this.
In accordance with the relevant provisions of the Personal Information Protection Law, where departments performing personal information protection duties discover that there is a greater risk in personal information handling activities or that personal information security incidents occur, they may follow the scope of authority and procedures provided for to interview the legal representative or principal responsible person of the personal information processor, or request that the personal information processor retain a professional organization to conduct a compliance audit of their personal information handling activities. For applications that illegally handle personal information, order the suspension or termination of the provision of services; if they refuse to make corrections, they shall be fined not more than 1 million yuan; and the directly responsible supervisors and other directly responsible personnel shall be fined between 10,000 yuan and 100,000 yuan.
The law also stipulates that if the handling of personal information infringes on the rights and interests of personal information and causes damage, and the personal information processor cannot prove that he is not at fault, he shall bear tort liability such as damages. Where there is unlawful conduct provided for in this Law, it is to be recorded in the credit archives in accordance with the provisions of relevant laws and administrative regulations, and to be made public; where it constitutes an act in violation of the administration of public security, a punishment for the administration of public security is to be given in accordance with law, and where a crime is constituted, criminal responsibility is to be pursued in accordance with law.
Text/Yangcheng Evening News reporter Dong Liu Comic/Yangcheng Evening News reporter He Ben Mai Yuheng
Source: Yangcheng Evening News
![Colleague Big Old Lee retired. I didn't see him for two days, and I asked others to learn that he had retired two days ago, and that day he had run out of people in the office after work, and he had packed up his personal belongings alone, the next day[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)