| Standards for Assessment of Personal Information Protection of Internet Enterprises | | 互联网企业个人信息保护测评标准 |
| (The China Law Association on Science and Technology and the Peking University Internet Law CenterMarch 15, 2014) | | (中国科学技术法学会、北京大学互联网法律中心 2014年3月15日) |
| I. Purpose | | 一、宗旨 |
| These Standards are developed to implement the Decision of the Standing Committee of the National People's Congress on Strengthening Information Protection on Networks, the Law on the Protection of Consumer Rights and Interests, the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, the Administrative Measures for Online Trading, and other regulatory legal documents in respect of personal information protection, maintain the lawful rights and interests of users, and regulate the act of internet enterprises in their handling of personal information so as to realize a balance between the protection and use of personal information in the benign development of the industry. | | 本标准的制定是为了贯彻《全国人民代表大会常务委员会关于加强网络信息保护的决定》《消费者权益保护法》《电信和互联网用户个人信息保护规定》《网络交易管理办法》等与个人信息保护相关的规范性法律文件,维护用户合法权益并规范互联网企业的个人信息处理行为,以实现产业良性发展中个人信息保护与利用的平衡。 |
| These Standards, by specifically defining the obligations of internet enterprises, are dedicated to developing an effective user personal information protection practice mechanism on the basis of the regulatory legal documents in force, so as to promote, on the one hand, internet enterprises' establishing a personal information protection mechanism in compliance with the regulations and, on the other hand, to realize the protection of the lawful rights and interests of users in the aspect of personal information. | | 测评标准通过对互联网企业义务的具体规定,致力于在现有规范性法律文件的基础上,建立有效的用户个人信息保护实践机制,一方面推动互联网企业构建合规的个人信息保护机制,另一方面实现用户在个人信息方面合法权益的保障。 |
| II. Basis | | 二、依据 |
| These Standards are developed under the Decision of the Standing Committee of the National People's Congress on Strengthening Information Protection on Networks, the Law on the Protection of Consumer Rights and Interests, the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, and the Administrative Measures for Online Trading, by reference to the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the APEC Privacy Framework, the Guide to Personal Information Protection in Public and Business Use Systems, and other documents regarding the personal information protection both at home and abroad, based on the current situation of development of China's internet industry. | | 本标准依据《全国人民代表大会常务委员会关于加强网络信息保护的决定》《消费者权益保护法》《电信和互联网用户个人信息保护规定》《网络交易管理办法》,参照OECD《关于保护隐私和个人数据跨国流通的指导原则》、APEC《隐私保护纲领》、《公共及商用系统个人信息保护指南》等国内外个人信息保护领域相关文件,结合我国互联网产业发展现状制定。 |
| III. Definitions | | 三、定义 |
| The terms as mentioned in these Standards are defined as follows: | | 标准所涉及的术语定义如下: |
| 1. “Internet enterprise” | | 1. 互联网企业 |
| "Internet enterprise" means an organizational entity which handles personal information in providing users with technology service or content service via an information network. "Information networks" include information networks, such as the Internet, broadcast networks, fixed communication networks and mobile communication networks, with computers, televisions, fixed-line telephones, mobile phones and other electronic devices as terminals, and local area networks open to the public. | | 互联网企业是指利用信息网络向用户提供技术服务或内容服务的过程中处理个人信息的组织实体。“信息网络”包括以计算机、电视机、固定电话机、移动电话机等电子设备为终端的计算机互联网、广播电视网、固定通信网、移动通信网等信息网络,以及向公众开放的局域网络。 |
| 2. Initial party, related party and third party | | 2. 初始方、关联方、第三方 |
| "Initial party" means an internet enterprise which directly collects personal information from users when providing technology service or content service. | | 初始方是指在提供技术服务或内容服务过程中直接向用户收集个人信息的互联网企业。 |
| "Related party" means an internet enterprise in a control relationship with a particular initial party and whose policy for personal information protection is not substantively different from that of the initial party. "Control" means the right to determine the financial and operational policies of an internet enterprise by means of equity or agreement and on the basis of which benefits can be obtained from the operation activities of the internet enterprise. | | 关联方是指与特定初始方有控制关系,且其个人信息保护政策与初始方不存在实质性差异的互联网企业。“控制”是指有权以股权或协议决定一个互联网企业的财务和经营政策,并能据以从该互联网企业的经营活动中获取利益。 |
| "Third party" means an organizational entity or natural person which does not collect personal information from users but obtains personal information from an initial party or a related party. | | 第三方是指未直接向用户收集个人信息,但从初始方或关联方处获取个人信息的组织实体或自然人。 |
| 3. User | | 3. 用户 |
| "User" means a natural person who uses the service provided by an internet enterprise and may be identified by the personal information. For the purpose of these Standards, "minor" means a person under 18 years of age with limited or no capacity of conduct | | 用户是指使用互联网企业提供的服务并可通过个人信息识别的自然人。本标准中所称的“未成年人”是指未满18周岁的限制民事能力人或无民事行为能力人。 |
| 4. Personal information | | 4. 个人信息 |
| Personal information means information or an information aggregate which is capable of effectively and feasibly identifying a particular user, separately or in combination with other information, such as name, date of birth, identification certificate number, address, telephone number, account number and password. | | 个人信息是指能够切实可行地单独或通过与其他信息结合识别特定用户身份的信息或信息集合,如姓名、出生日期、身份证件号码、住址、电话号码、账号、密码等。 |
| Where information or an information aggregate, upon the irreversible handling for anonymity or de-identification, is not susceptible of reasonably identifying particular users, these Standards shall not apply. | | 本标准不适用于经不可逆的匿名化或去身份化处理,使信息或信息集合无法合理识别特定用户身份的信息。 |
| 5. Handling | | 5. 处理 |
| "Handling" means the collection, processing, use and transfer of the personal information of users by internet enterprises. In particular: | | 处理是指互联网企业对用户个人信息的收集、加工、使用、转移行为,其中: |
| "collection" means the act of obtaining and storing personal information; | | 收集是指获取并保存个人信息的行为。 |
"processing" means the act of operation of collected personal information with automatic systems to meet the need of use and transfer;
...... | | 加工是指将收集的个人信息进行自动化系统操作以满足使用、转移需要的行为。
...... |
|
Dear visitor, as a premium member of this database, you will get complete access to all content.Please go premium and get more.
1. To become a premium member, please call 400-810-8266 Ext. 171.
2. Binding to the account with access to this database.
3. Apply for a trial account.
4. To get instant access to a document, you can Pay Amount 【¥500.00】 for your single purchase. | |
您好:您现在要进入的是北大法宝英文库会员专区。
如您是我们英文用户可直接 登录,进入会员专区查询您所需要的信息;如您还不是我们 的英文用户;您可通过网上支付进行单篇购买,支付成功后即可立即查看本篇内容。
Tel: +86 (10) 82689699, +86 (10) 82668266 ext. 153
Mobile: +86 13311570713
Fax: +86 (10) 82668268
E-mail:info@chinalawinfo.com
|
| | | |
| | | |