On 19 December 2016, a draft of the PRC General Principles of the Civil Law was submitted to the NPC standing committee for a third reading. The draft prohibits anyone from collecting, using, processing, transferring, publicizing or selling personal information in violation of the law.
Previously, on 7 November 2016, the NPC also passed the Cybersecurity Law, effective from 1 June 2017. This law defines “personal information” as all information that can identify a particular person, e.g., name, birth date, ID card number, address and telephone numbers, regardless of whether in electronic or another form.
The Cybersecurity Law contains a number of provisions devoted to personal data protection. For instance, the Cybersecurity Law requires network operators to: (1) establish a comprehensive personal information protection system; (2) inform each data subject of the purposes, methods and scope of data collection, and obtain the data subject’s consent to the data collection; (3) not leak, alter or damage a data subject’s personal information; and (4) not provide a data subject’s personal information to others without the data subject’s consent.
You must be a
subscribersubscribersubscribersubscriber
to read this content, please
subscribesubscribesubscribesubscribe
today.
For group subscribers, please click here to access.
Interested in group subscription? Please contact us.