1. What are the regulations on data processing for enterprises and institutions?
The Regulations clarify the main responsibility of enterprises and institutions in data processing. “Byelaw” the provisions of article 57 of chapter 4, “the market main body to carry out data processing activities, shall implement the data management main body responsibility, establish and perfect the system of data management organization structure, management and self assessment mechanism, protection and management of classified data classification, in order to strengthen the management of data quality, ensure the authenticity of the data, accuracy, completeness, timeliness.”
In addition, the Regulations have made specific provisions for market entities in the collection, circulation, storage, trading, destruction and other aspects of information.
II. What are the provisions of pilot significance in the Regulations?
1. Clear protection of minors
Article 20 of Chapter II stipulates that the processing of personal data of minors under the age of 14 shall be carried out in accordance with the relevant provisions on the processing of sensitive personal data, and the express consent of their guardians shall be obtained before the processing; Where the personal data of adults without or with limited capacity for civil conduct are handled, the express consent of their guardians shall be obtained before processing.
2. Taking the lead in introducing “data rights” in legislation
It is clear that natural persons have the rights and interests of personality with respect to personal data according to law, including the rights and interests of informed consent, supplement and correction, deletion, access and duplication, etc.
3. What provisions are made in the Data Regulations of Shenzhen Special Economic Zone on the protection of personal data?
Personal information protection is stricter, such as illegal access to user information, “big data”, “user portrait”, data abuse and other phenomena that are hated by netizens, the “data” has made clear restrictions.
The Regulations clearly stipulate that natural persons enjoy personal rights and interests with respect to their personal data, and establish five basic principles for handling personal data, namely, the principle of legality, minimum necessity, openness and transparency, accuracy and integrity, and ensuring safety.
At the same time, in order to severely crack down on the infringement of personal data, the Regulations also increased the penalties for violations, stipulating that “infringement of the legitimate rights and interests of other market entities and consumers, if the circumstances are serious, shall be penalized with a fine of less than 5 percent of the turnover of the previous year, up to a maximum of 50 million yuan”; In terms of the system, Article 13 of Chapter II stipulates that “a complaint and report handling mechanism for personal data protection shall be established and related complaints and reports shall be handled according to law”.
IV. What are the influences on the development of local digital economy?
The value of data is flow. A highlight of the Regulations is the exploration of the establishment of a data trading system, and the inclusion of “data factor market” in a separate chapter of the Regulations.
In Chapter 4 “Data Elements Market”, the Regulations define the scope of data trading, that is, “data products and services formed by legal processing of data”. At the same time, it proposes that the Municipal People’s Government should promote the establishment of data trading platforms and guide market subjects to conduct data trading through the platforms.
At the level of public data, the principle of “public data should be shared as the principle, and no sharing as the exception” is clarified, and the municipal government service data management department undertakes the daily work of the Municipal Public Data Professional Committee. This provision may have a significant impact on promoting the digitalization of local government affairs.
Five, whether local data security regulations will become the norm?
In the field of biological information recognition, in 2020, Hangzhou City of Zhejiang Province took the lead in the country to launch the local legislation of face recognition prohibitive clauses — “Hangzhou Property Management Regulations (Revised Draft)”; On January 1, 2021, Tianjin issued the Tianjin Social Credit Regulations, stipulating that enterprises, public institutions, industry associations and chambers of commerce are prohibited from collecting biometric information such as face, fingerprint and voice.
The regulation issued by Shenzhen is the first basic and comprehensive legislation in the field of data in China. The regulation attaches equal importance to the protection of personal information and the promotion of the development of the digital economy, and covers several aspects such as personal data, public data, data element market and data security.
With the further development of the digital economy and the increasing value of data security as a market factor, there should be more local laws and regulations in the future.
Please click on the “Shenzhen Special Economic Zone Data Regulations” for detailed information.