| Notice by the Cyberspace Administration of China of Request for Public Comments on the Measures for the Administration of Data Security (Consultation Paper) | | 国家互联网信息办公室关于《数据安全管理办法(征求意见稿)》公开征求意见的通知 |
For the purposes of safeguarding national security and the public interest, protecting the lawful rights and interests of citizens, legal persons and other organizations in cyberspace, and maintaining the security of personal information and important data, in accordance with the Cybersecurity Law of the People's Republic of China and other laws and regulations, the Cyberspace Administration of China has drafted, upon research, the Measures for the Administration of Data Security (Consultation Paper) in conjunction with relevant authorities, and hereby seeks public comments thereon. The public may submit comments by the following channels and means: | |
为了维护国家安全、社会公共利益,保护公民、法人和其他组织在网络空间的合法权益,保障个人信息和重要数据安全,根据《中华人民共和国网络安全法》等法律法规,国家互联网信息办公室会同相关部门研究起草了《数据安全管理办法(征求意见稿)》,现向社会公开征求意见。公众可通过以下途径和方式提出反馈意见: |
| |
|
| 1. Logging in to the legal information website of the Chinese government (http://www.chinalaw.gov.cn) and submitting comments through the “Collection of Comments on Legislation” on the homepage thereof. | | 1.登陆中国政府法制信息网(网址:http://www.chinalaw.gov.cn),进入首页的“立法意见征集”提出意见。 |
| |
|
| 2. Sending an email to security@cac.gov.cn. | | 2.通过电子邮件方式发送至:security@cac.gov.cn。 |
| |
|
| 3. Mailing their comments to the Cybersecurity Coordination Bureau of the Cyberspace Administration of China at 11 Chegongzhuang Avenue, Xicheng District, Beijing, 100044 and indicating "Comments on the Measures for the Administration of Data Security” on the envelope. | | 3.通过信函方式将意见寄至:北京市西城区车公庄大街11号国家互联网信息办公室网络安全协调局,邮编100044,并在信封上注明“数据安全管理办法征求意见”。 |
The deadline for the submission of comments is June 28, 2019. | |
意见反馈截止时间为2019年6月28日。 |
Annex: Measures for the Administration of Data Security (Consultation Paper) | |
附件:《数据安全管理办法(征求意见稿)》 |
Cyberspace Administration of China | |
国家互联网信息办公室 |
May 28, 2019 | |
2019年5月28日 |
Measures for the Administration of Data Security | |
数据安全管理办法 |
(Consultation Paper) | |
(征求意见稿) |
| |
|
| Chapter I General Provisions | | 第一章 总 则 |
| |
|
| Article 1 For the purposes of safeguarding national security and the public interest, protecting the lawful rights and interests of citizens, legal persons and other organizations in cyberspace, and maintaining the security of personal information and important data, these Measures are developed in accordance with the Cybersecurity Law of the People's Republic of China and other laws and regulations. | | 第一条 为了维护国家安全、社会公共利益,保护公民、法人和其他组织在网络空间的合法权益,保障个人信息和重要数据安全,根据《中华人民共和国网络安全法》等法律法规,制定本办法。 |
| |
|
| Article 2 These Measures shall apply to data collection, storage, transmission, processing, use and other activities conducted by making use of any network within the territory of the People's Republic of China (hereinafter referred to as the "data activities") and the protection, supervision and administration of data security, except for purely household or personal matters. | | 第二条 在中华人民共和国境内利用网络开展数据收集、存储、传输、处理、使用等活动(以下简称数据活动),以及数据安全的保护和监督管理,适用本办法。纯粹家庭和个人事务除外。 |
Where it is otherwise provided by any law or administrative regulation, such law or administrative regulation shall prevail. | |
法律、行政法规另有规定的,从其规定。 |
| |
|
| Article 3 The state shall adhere to according equal priority to guaranteeing data security and development, encourage research and development of data security protection technologies, actively advance the development and utilization of data resources, and guarantee the lawful, orderly and free movement of data. | | 第三条 国家坚持保障数据安全与发展并重,鼓励研发数据安全保护技术,积极推进数据资源开发利用,保障数据依法有序自由流动。 |
| |
|
| Article 4 The state shall adopt measures to monitor, defend, and dispose of data security risks and threats arising within and outside the People's Republic of China, protect data from divulgation, theft, tampering, damage, and illegal use, among others, and punish illegal and criminal activities endangering data security pursuant to the law. | | 第四条 国家采取措施,监测、防御、处置来源于中华人民共和国境内外的数据安全风险和威胁,保护数据免受泄露、窃取、篡改、毁损、非法使用等,依法惩治危害数据安全的违法犯罪活动。 |
| |
|
| Article 5 Under the leadership of the Central Cyberspace Affairs Commission, the national cyberspace authority shall coordinate, direct and supervise the security protection of personal information and important data. | | 第五条 在中央网络安全和信息化委员会领导下,国家网信部门统筹协调、指导监督个人信息和重要数据安全保护工作。 |
The cyberspace authorities at and above the prefecture (city) level shall direct and supervise the security protection of personal information and important data within their respective administrative areas in light of their duties. | |
地(市)及以上网信部门依据职责指导监督本行政区内个人信息和重要数据安全保护工作。 |
| |
|
| Article 6 A network operator shall, in accordance with the provisions of relevant laws and administrative regulations, by reference to national cybersecurity standards, perform its obligation to protect data security, establish data security management responsibility and assessment and evaluation rules, develop data security plans, implement technological protection of data security, assess data security risks, prepare emergency plans for cybersecurity incidents, promptly dispose of security incidents, and organize data security education and training. | | 第六条 网络运营者应当按照有关法律、行政法规的规定,参照国家网络安全标准,履行数据安全保护义务,建立数据安全管理责任和评价考核制度,制定数据安全计划,实施数据安全技术防护,开展数据安全风险评估,制定网络安全事件应急预案,及时处置安全事件,组织数据安全教育、培训。 |
| |
|
| Chapter II Data Collection | | 第二章 数据收集 |
| |
|
| Article 7 A network operator that collects and uses personal information through a website, application program or any other product shall separately develop and disclose rules of collection and use. Such rules may be included in the privacy policy of the website, application program or any other product, or otherwise made available to users. | | 第七条 网络运营者通过网站、应用程序等产品收集使用个人信息,应当分别制定并公开收集使用规则。收集使用规则可以包含在网站、应用程序等产品的隐私政策中,也可以其他形式提供给用户。 |
| |
|
| Article 8 Any rule of collection and use shall be clear, specific, simple, and easily accessible and highlight the following: | | 第八条 收集使用规则应当明确具体、简单通俗、易于访问,突出以下内容: |
| |
|
| (1) Basic information about the network operator. | | (一)网络运营者基本信息; |
| |
|
| (2) The names and contact information of the primary person in charge and the person responsible for data security of the network operator. | | (二)网络运营者主要负责人、数据安全责任人的姓名及联系方式; |
| |
|
| (3) The purpose, type, quantity, frequency, means, and scope, among others, of the collection and use of personal information. | | (三)收集使用个人信息的目的、种类、数量、频度、方式、范围等; |
| |
|
| (4) The place and period for the storage of personal information and the processing method at the expiration of the period. | | (四)个人信息保存地点、期限及到期后的处理方式; |
| |
|
| (5) The rules for providing personal information for others, if applicable. | | (五)向他人提供个人信息的规则,如果向他人提供的; |
| |
|
| (6) Security protection strategies for personal information and other relevant information. | | (六)个人信息安全保护策略等相关信息; |
| |
|
| (7) Channels and methods for subjects of personal information to withdraw consent and to access, rectify and erase personal information. | | (七)个人信息主体撤销同意,以及查询、更正、删除个人信息的途径和方法; |
| |
|
| (8) Channels and methods for filing complaints and reports. | | (八)投诉、举报渠道和方法等; |
| |
|
| (9) Anything otherwise required by laws and administrative regulations. | | (九)法律、行政法规规定的其他内容。 |
| |
|
| Article 9 Any rule of collection and use that is included in the privacy policy shall be relatively concentrated and clearly indicated for easy reading. In addition, a network operator may not collect personal information until the user has been aware of its rules of collection and use and expressly given his or her consent. | | 第九条 如果收集使用规则包含在隐私政策中,应相对集中,明显提示,以方便阅读。另仅当用户知悉收集使用规则并明确同意后,网络运营者方可收集个人信息。 |
| |
|
| Article 10 A network operator shall strictly abide by its rules of collection and use, and the functional design of a website or application program to collect or use personal information shall be consistent with the privacy policy and be adjusted concurrently. | | 第十条 网络运营者应当严格遵守收集使用规则,网站、应用程序收集或使用个人信息的功能设计应同隐私政策保持一致,同步调整。 |
| |
|
Article 11 A network operator shall not force or mislead a subject of personal information into consenting to its collection of personal information by default authorization, function bundling, or other means, on the grounds of improving service quality, enhancing user experience, user-specific information pushing, researching and developing new products, among others.
...... | | 第十一条 网络运营者不得以改善服务质量、提升用户体验、定向推送信息、研发新产品等为由,以默认授权、功能捆绑等形式强迫、误导个人信息主体同意其收集个人信息。
...... |
|
Dear visitor, as a premium member of this database, you will get complete access to all content.Please go premium and get more.
1. To become a premium member, please call 400-810-8266 Ext. 171.
2. Binding to the account with access to this database.
3. Apply for a trial account.
4. To get instant access to a document, you can Pay Amount 【¥500.00】 for your single purchase. | |
您好:您现在要进入的是北大法宝英文库会员专区。
如您是我们英文用户可直接 登录,进入会员专区查询您所需要的信息;如您还不是我们 的英文用户;您可通过网上支付进行单篇购买,支付成功后即可立即查看本篇内容。
Tel: +86 (10) 82689699, +86 (10) 82668266 ext. 153
Mobile: +86 13311570713
Fax: +86 (10) 82668268
E-mail:info@chinalawinfo.com
|
| | | |
| | | |