Yin Xingshan, member of the National Committee of the Chinese People’s Political Consultative Conference: proposed to establish a special regulatory agency to protect personal information

YinXingshan,memberoftheNationalCommitteeoftheChinesePeople’sPoliticalConsultativeConference:proposedtoestablishaspecialregulatoryagencytoprotectpersonalinformation
Thisyear,theNationalPeople’sCongressandtheNationalPeople’sCongresswillsoon.Sauna,YewanglearnedthatYinXingshan,memberoftheNationalCommitteeoftheChinesePeople’sPoliticalConsultativeConference,secretaryofthePartyCommitteeofthePeople’sBankofChinaHangzhouCenterSub-branch,andpresident,saidinaninstructionthattheprotectionofpersonalinformationshouldbestrengthenedinthecontextofthewidespreadapplicationofbigdata.Howtostrengthentheprotectionofpersonalinformation?YinXingshanmaderecommendationsinfourareas:speedupthelegislativeprocess,establishaspecialregulatoryagency,implementtheoperatingnormsoftheoperatingsubject,andgivetheinformationsubjectself-protectionrights.YinXingshansaidinadvancethatduetotheresourcevalueofpersonalinformation,thepersonalinformationcollectedbyvarioussubdivisions,behaviorpatternsandotherdatahaveledtothecontinuousexpansionandspreadofpersonalinformation,andsomehavebeenusedbycriminalsasfraudcasestoprotectindividualsInformationsecurityisimminent.InYinXingshan’sview,atthisstage,thelackofprotectionofpersonalinformationismainlymanifestedinfouraspects:(1)Thelegalsystemisnotperfect.ThereisnospeciallegislationonpersonalinformationprotectioninChina.AlthoughtheConstitution,CriminalLaw,GeneralRulesofCivilLaw,NetworkSecurityLaw,andConsumerRightsProtectionLawareinvolved,thepertinenceandoperabilityarerelativelylacking.Intermsoflegalliability,violationsofpersonalinformationsecurityaremainlyinvestigatedforcriminalandadministrativeresponsibilities,andcivilliabilityisnotprominent.Obviously,thereisnolegalbasisforrightsrelief.(2)Lackofcompetentdepartment.Atpresent,thereisnoclearcompetentdepartmenttoinvestigate,collectevidence,stopandspecifybehaviorsthatviolatethesecurityofpersonalinformation.Theexistingpublicadministrationdepartmentsintervenefromtheperspectiveofnetworksecurityorconsumerrightsprotection,butthereisalackofeffectivecommunicationbetweendepartments.(3)Theoperatingentitylacksnorms.Thefirstisirregularmarketentry.OperatorsonlyneedtosetupaplatformorAPPtocollectuserpersonalinformation,someuse”webcrawlers”tocollect,andsomeimplantedTrojanhorsesuseredenvelopestolinkillegalcollection.Thesecondisthattheoperationsubjectisatastronglevel,compulsoryauthorization,excessiveclaimforpower,andexcessivecollectionofpersonalinformation.Thethirdisthelackofconstraintsontheuseofinformationbytheoperatingentities,andthepersonalinformationisusedarbitrarilyasitsownresources,suchasforpersonalcreditevaluation.Fourth,impropercustodyofinformationofoperatingentities,nostrictmanagementandtechnicalprotectionmeasures,andevenillegalsalesofpersonalinformationforprofit.(4)Theprotectionoftheinformationsubjectisweak.Theinformationsubjectlackstheawarenessoftherighttoself-determinationofinformation.Inordertoseekconvenienceandspeed,uploadsensitivepersonalinformationsuchas”face”and”fingerprint”asrequiredbytheserviceprovider.Somearekeentoshowofftheiridentities,wealth,sharefamilylifeandfeelingsonline,andexposealotofpersonalinformationonline.Inresponsetotheaboveproblems,YinXingshanputforwardfoursuggestionsinthepreliminarystage:(1)Speedupthelegislativeprocess.InMarch2019,theNationalPeople’sCongresshasdividedthe”PersonalInformationProtectionLaw”intoalegislativeplanandrecommendedthatthelegislativeprocessbeaccelerated.Throughspeciallegislation,wewillunifytheprotectionofpersonalinformationinthepublicandprivatefields,clarifytheprinciples,proceduresandconfidentialityofthecollectionanduseofpersonalinformationbyoperatingentities,protectionobligations,improperuse,legalliabilityforweakprotection,andsupervisorymeasuresandmeasurestakenbyregulatoryauthorities.(2)Establishaspecialregulatoryagency.Itisrecommendedthatinthelegislation,itisclearthatthespecializedagencyisresponsiblefororresponsiblefortheprotectionofpersonalinformation,establishaunifiedsystemandnorms,havetherighttosupervisetheoperationsubject,andcanhandleviolationsoflawsandregulations.Iftheleadresponsibilitymodeisadopted,thesupervisoryauthorityshouldplayacoordinatingrole,andtherelevantdepartmentsshouldcooperateinaccordancewiththelaw.(3)Carryoutoperationnormsfortheoperatingentities.Oneisthattheclearoperationsubjectmustcollect,use,andkeeppersonalinformationinaccordancewiththelaw,haveaclearandlegitimatepurpose,meetthe”minimum,necessary”requirements,andobtaintheexpressconsentoftheinformationsubject.Thesecondismeaningfulandbalancedprotection.Whileestablishingtheobligationtokeeppersonalinformationconfidential,italsoclearlyimplementsthebarrier-freecirculationofspecificpersonalinformationinaccordancewithlegalprovisions,socialpublicinterests,andtheconsentofthepartiesconcerned.Thethirdistostrengthenthemanagementofpractitioners,formulaterulesforinformationcollection,processing,transmission,disclosure,use,andconductprocessmonitoring.Onceinformationtransfereventsoccur,relevantpersonnelshouldbeheldaccountable.Atthesametime,technicalprotectionmeasureswillbeincorporatedintolegalnormstopromotethemainbodyofoperationstoexpandtechnicaldefense.(4)Givetheinformationsubjectself-protectionrights.Thefirstistheclear”informationself-determinationright”.Theinformationsubjecthastherighttodecidewhethertorecognizeorallowotherstousetheirowninformation.Establishan”informedconsent”system,onlytheinformationsubject’sinformedconsent,theoperatingsubjectcancollect,storeandusepersonalinformation.Thesecondistocausethe“righttobeforgotten”tobeincludedinthe“GeneralDataProtectionRegulation”oftheEuropeanUnion.Whentheownershipofinformationexercisesthe“righttobeforgotten”,theoperatingentitymustdeletetheinformationitholdsandberesponsiblefortheinformationthatispubliclydistributedThereisanobligationtonotifyotherstostopusinganddelete.Thethirdistograntcensorshipandrefusalrights.Theinformationsubjecthastherighttoreviewtheeligibilityoftheoperatingsubject,providepersonalinformationonlytothelegaloperatingsubject,andhavetherighttoobjectorrefusetoprovideinformationbeyondthescopeofcollection.Thefourthistherighttorewardandrelief.Whentheinformationsubjectfindsthattheinformationhasbeenabusedorinfringed,ithastherighttoseekadministrative,civilandcriminalreliefinaccordancewithlaw.Sauna,YeWangHouRunfangEditorWangJinyuproofreadingLiXiangling