Introduction and Comments on Measures for Data Security Management

It’s worth reading the complete article to get a feel for the restrictions that China is placing on network operators. It looks like they are learning from activities in the West and are building privacy measures as well as security. These two clauses caught my eye…:

[…] Requirements on Special Cases in Data Collection and Use:

  1. Targeted Push Information: (A) Network operators shall not, through authorization by default, bundling functions, or other means, force or mislead data subjects to consent to the collection of personal information. (Article 11) (B) Network operators shall, when using user data and algorithms to push news and commercial advertisements, clearly identify the words “targeted push,” and provide an option for users to reject the targeted push information. (C) If the user chooses not to receive targeted push information, network operators shall stop the push and erase the device identification code and other collected user data as well as any personal information. (D) Network operators shall, when conducting targeted push activities, comply with laws and regulations, respect social morality and business ethics, abide by public order and good morals, and be honest and diligent. All discriminatory and fraudulent acts shall be prohibited. (Article 23)
  2. Collection of Important Data or Sensitive Personal Information for Business Operation Purposes: (A) Network operators shall make a filing with the local cybersecurity administration. The filing shall include the rules for collection and use of such data, the purpose, volume, method, scope, type, retention period of the data, excluding the content of data itself. (Article 15) (B) Network operators shall appoint the person responsible for data security. The person responsible for the data security shall be selected from among personnel who have relevant management work experience and professional knowledge on data protection, participate in important decisions of relevant data activities, and report work directly to the main responsible person of the network operators. (Article 17)


Read the original article here