"network data security management regulations" announced and will come into effect on january 1 next year
2024-10-01
한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina
people's daily online, beijing, october 1 (fang jinglun) according to the "industry information wechat news", the "network data security management regulations" were adopted at the 40th executive meeting of the state council on august 30, 2024, and are now announced. starting from 2025 effective from january 1st.
the "regulations" aim to regulate online data processing activities, ensure the security of online data, promote the reasonable and effective use of online data in accordance with the law, protect the legitimate rights and interests of individuals and organizations, and safeguard national security and public interests. the regulations include 9 chapters and 64 articles, which mainly provide clear provisions in five aspects.
the first is to put forward the overall requirements and general regulations for network data security management. clearly encourage the innovative application of network data in various industries and fields, implement classified and hierarchical protection of network data, actively participate in the formulation of international rules and standards related to network data security, strengthen industry self-discipline, and prohibit illegal network data processing activities. network data processors are required to fulfill obligations such as establishing and improving network data security management systems, security risk reporting, and security incident handling.
the second is to refine the personal information protection regulations. clarify the rules for handling personal information and the specific regulations that should be followed. online data processors are required to provide convenient methods and channels to support individuals in exercising their rights, and are not allowed to set unreasonable conditions to restrict individuals' reasonable requests. clarify the protection obligations for personal information collected using automated collection technologies, and refine the ways to implement personal information transfer requests, etc.
the third is to improve the important data security system. clearly formulate the responsibilities and requirements for important data catalogues, and stipulate the obligations of network data processors to identify and declare important data. specify the responsibilities of the network data security management agency and the person in charge of network data security. clarify specific requirements for risk assessment of important data.
the fourth is to optimize cross-border security management regulations for network data. clarify the conditions under which network data processors can provide personal information overseas, and stipulate that personal information can be provided overseas in accordance with international treaties and agreements concluded or joined. it is stipulated that if the data has not been notified by the relevant regions or departments or has been publicly released as important data, it does not need to be reported as important data for data export security assessment.
fifth, clarify the obligations of network platform service providers. specify network data security protection requirements for network platform service providers, third-party product and service providers and other entities. clarify the rules for pushing information to individuals through automated decision-making, and stipulate requirements for large-scale network platform service providers to publish annual social responsibility reports on personal information protection and prevent cross-border security risks of network data.
source: people's daily online
