Information resource
Current Location: 十大买球平台排行 > Information resource > Personal information protection Act

Personal Information Protection Law of the People's Republic of China

2021820Adopted at the 30th Meeting of the Standing Committee of the 13th National People's Congress)

目录

Act 1

Act 2 Rules for processing personal information

First period General provision

The second section Rules for handling sensitive personal information

The third segment Special provisions for the processing of personal information by State authorities

Act 3 Rules for cross-border provision of personal information

Act Four The rights of individuals in the processing of personal information

Chapter Five Obligations of personal data processors

Act 6 The department that performs the duty of protecting personal information

Act 7 Legal responsibility

Act 8

内容

Act 1

Article one In order to protect the rights and interests of personal information, regulate the processing of personal information and promote the rational use of personal information, this Law is enacted in accordance with the Constitution。

Article 2 The personal information of natural persons is protected by law, and no organization or individual may infringe upon the rights and interests of the personal information of natural persons。

Article 3 This Law applies to the processing of personal information of natural persons within the territory of the People's Republic of China。

This Law shall also apply to activities outside the People's Republic of China that process the personal information of natural persons within the People's Republic of China under any of the following circumstances:

(1) For the purpose of providing products or services to domestic natural persons;

(2) To analyze and evaluate the acts of natural persons within the territory;

(3) Other circumstances provided for by laws and administrative regulations。

Article 4 Personal information is information about identified or identifiable natural persons recorded electronically or by other means, excluding information that has been anonymized。

The processing of personal information includes the collection, storage, use, processing, transmission, provision, disclosure and deletion of personal information。

Article 5 Personal information shall be processed in accordance with the principles of legality, legitimacy, necessity and good faith, and shall not be processed by means of misleading, fraud, coercion, etc。

Article 6 The processing of personal information should have a clear and reasonable purpose, and should be directly related to the purpose of processing, in a manner that has the least impact on the rights and interests of the individual。

The collection of personal information shall be limited to the minimum extent to achieve the purpose of processing, and excessive collection of personal information shall not be allowed。

Article 7 The processing of personal information shall follow the principles of openness and transparency, disclose the rules for the processing of personal information, and specify the purpose, method and scope of the processing。

Article VIII The processing of personal information shall ensure the quality of personal information and avoid the adverse impact of inaccurate and incomplete personal information on personal rights and interests。

The ninth article Personal information processors shall be responsible for their personal information processing activities and take necessary measures to ensure the security of the personal information processed。

Article ten No organization or individual may illegally collect, use, process or transmit others' personal information, or illegally trade, provide or disclose others' personal information;They shall not engage in personal information processing activities that endanger national security and public interests。

Article 11 The State establishes a sound system for the protection of personal information, prevents and punishes acts infringing upon the rights and interests of personal information, strengthens publicity and education on the protection of personal information, and promotes the formation of a favorable environment for the government, enterprises, relevant social organizations and the general public to participate in the protection of personal information。

Article 12 The State actively participates in the formulation of international rules on the protection of personal information, promotes international exchanges and cooperation on the protection of personal information, and promotes the mutual recognition of rules and standards on the protection of personal information with other countries, regions and international organizations。

Act 2 Rules for processing personal information

First period General provision

Article 13 A personal data processor may process personal information under any of the following circumstances:

(1) Obtaining the consent of the individual;

(2) necessary for the conclusion and performance of contracts to which the individual is a party, or necessary for the implementation of human resources management in accordance with labor rules and regulations formulated according to law and collective contracts concluded according to law;

(3) necessary for the performance of statutory duties or obligations;

(4) necessary for responding to public health emergencies or for protecting the life, health and property safety of natural persons under emergency circumstances;

(5) conduct news reporting, supervision by public opinion and other acts in the public interest, and process personal information within a reasonable scope;

(6) To process, within a reasonable scope, the personal information disclosed by an individual or that has been lawfully disclosed in accordance with the provisions of this Law;

(7) Other circumstances provided for by laws and administrative regulations。

In accordance with other relevant provisions of this Law, the processing of personal information shall obtain the consent of the individual, but in the case of items 2 to 7 of the preceding paragraph, it is not necessary to obtain the consent of the individual。

Article 14 Where the processing of personal information is based on an individual's consent, the consent shall be given voluntarily and explicitly by the individual under the premise of full knowledge。Where laws or administrative regulations provide that individual consent or written consent shall be obtained for the processing of personal information, such provisions shall prevail。

If the purpose, method and type of personal information processed are changed, the individual's consent shall be obtained again。

Article 15 Where the processing of personal data is based on an individual's consent, the individual has the right to withdraw his or her consent。Processors of personal data should provide an easy way to withdraw consent。

Withdrawal of consent by an individual does not affect the validity of the personal information processing activities that have been carried out on the basis of the individual's consent prior to withdrawal。

Article 16 Personal data processors shall not refuse to provide products or services on the grounds that individuals do not consent to the processing of their personal information or withdraw their consent;Except where the processing of personal information is necessary for the provision of products or services。

Article 17 Before processing personal information, the personal information processor shall truthfully, accurately and completely inform the individual of the following matters in a prominent manner and in clear and understandable language:

(1) the name and contact information of the person processing the personal information;

(2) the purpose and method of processing of personal information, the type of personal information processed, and the retention period;

(3) the manner and procedure by which individuals exercise the rights provided for in this Law;

(4) Other matters that shall be notified as provided for by laws and administrative regulations。

Where there is a change in the items specified in the preceding paragraph, the individual shall be informed of the change。

Where a processor of personal information notifies the matters referred to in paragraph 1 by formulating rules on the processing of personal information, the rules of processing shall be made public and readily accessible and stored。

Article 18 Where a processor of personal information processes personal information in circumstances where it is required by law or administrative regulations to be kept confidential or does not need to be informed, it may not inform the individual of the matters provided for in the first paragraph of the preceding article。

Where it is impossible to inform an individual in a timely manner in order to protect the life, health and property safety of a natural person in an emergency, the personal information processor shall notify the individual in a timely manner after the emergency has been eliminated。

Article 19 Unless otherwise provided for by laws and administrative regulations, personal information shall be kept for the shortest period necessary for the purpose of processing。

Article 20 Where two or more processors of personal information jointly decide on the purpose and method of processing of personal information, they shall agree on their respective rights and obligations。However, this agreement does not affect the individual's claim to any of the personal data processors to exercise the rights provided for in this Law。

Where processors of personal information jointly process personal information and cause damage to the rights and interests of personal information, they shall bear joint liability according to law。

Article 21 Where the personal information processor entrusts the processing of personal information, it shall agree with the trustee on the purpose, period, method of processing, types of personal information, protection measures, rights and obligations of both parties, and supervise the personal information processing activities of the trustee。

The agent shall process personal information in accordance with the agreement and shall not process personal information beyond the agreed purpose and method of processing;If the entrustment contract is not effective, invalid, revoked or terminated, the agent shall return the personal information to the personal information processor or delete it and shall not retain it。

Without the consent of the personal information processor, the trustee shall not delegate the processing of personal information to others。

Article 22 Where the personal information processor needs to transfer personal information due to merger, division, dissolution, or being declared bankrupt, etc., it shall inform the individual of the recipient's name or name and contact information。The receiving party shall continue to perform its obligations as a processor of personal information。If the receiving party changes the original purpose or method of processing, it shall obtain the consent of the individual again in accordance with the provisions of this Law。

Article 23 Where a personal data processor provides the personal information it processes to another personal data processor, it shall inform the individual of the recipient's name, contact information, processing purpose, processing method and type of personal information, and obtain the individual's separate consent。The receiving party shall process personal information within the scope of the above processing purposes, processing methods and types of personal information。If the receiving party changes the original purpose or method of processing, it shall obtain the consent of the individual again in accordance with the provisions of this Law。

Article 24 Personal information processors using personal information to make automated decisions shall ensure the transparency of the decisions and the fairness and justice of the results, and shall not impose unreasonable differential treatment on individuals in terms of transaction prices and other trading conditions。

Information push and commercial marketing to individuals through automated decision-making should be accompanied by options that are not specific to their personal characteristics, or provide individuals with convenient means of rejection。

When a decision is made by means of automated decision-making that has a significant impact on the rights and interests of the individual, the individual has the right to ask the processor of the personal information to explain it, and the right to refuse the processor of the personal information to make a decision only by means of automated decision-making。

Article 25 Personal information processors shall not disclose the personal information they process, except with the individual's consent。

Article 26 The installation of image acquisition and personal identification equipment in public places shall be necessary to maintain public security, comply with the relevant provisions of the State, and set up prominent prompt signs。The personal images and identification information collected can only be used for the purpose of maintaining public security and shall not be used for other purposes;Except where individual consent is obtained。

Article 27 The personal information processor may, within a reasonable scope, process the personal information disclosed by the individual himself or by other legally disclosed personal information;Except those expressly refused by the individual。Where the processing of disclosed personal information has a significant impact on the rights and interests of individuals, the processor shall obtain the consent of individuals in accordance with the provisions of this Law。

The second section Rules for handling sensitive personal information

Article 28 Sensitive personal information is once disclosed or illegally used,Personal information that is likely to cause the personal dignity of natural persons to be infringed or the personal and property safety to be jeopardized,This includes biometrics, religious beliefs, specific identities, medical care, financial accounts, and whereabouts,And personal information of minors under the age of 14。

The processing of sensitive personal information by the personal data processor is only possible if there is a specific purpose and sufficient necessity and strict protection measures are taken。

Article 29 Individual consent should be obtained for the processing of sensitive personal information;Where laws or administrative regulations require written consent for the processing of sensitive personal information, such provisions shall prevail。

Article 30 Where a personal data processor processes sensitive personal information, in addition to the matters provided for in the first paragraph of Article 17 of this Law, it shall inform the individual of the necessity of processing sensitive personal information and the impact on the rights and interests of the individual;Except those that may not be informed to individuals in accordance with the provisions of this Law。

Article 31 Where a personal data processor processes the personal information of a minor under the age of 14, it shall obtain the consent of the minor's parents or other guardians。

Where a personal information processor processes the personal information of minors under the age of 14, special rules for the processing of personal information shall be formulated。

Article 32 Where laws or administrative regulations require relevant administrative licenses or other restrictions on the processing of sensitive personal information, such provisions shall prevail。

The third segment Special provisions for the processing of personal information by State authorities

Article 33 This Law shall apply to the processing of personal information by State organs;Where there are special provisions in this section, the provisions of this Section shall apply。

Article 34 The processing of personal information by state organs to perform their statutory duties shall be carried out in accordance with the authority and procedures prescribed by laws and administrative regulations, and shall not exceed the scope and limit necessary for the performance of their statutory duties。

Article 35 State organs, in order to perform their statutory duties in handling personal information, shall fulfill the obligation of notification in accordance with the provisions of this Law;Except in the circumstances provided for in paragraph 1 of Article 18 of this Law, or where the notification would impede the performance of statutory duties by state organs。

Article 36 Personal information processed by state organs shall be stored within the territory of the People's Republic of China;If it really needs to be provided overseas, security assessment shall be carried out。The security assessment may require the support and assistance of the relevant departments。

Article 37 The provisions of this Law on the handling of personal information by state organs shall apply to organizations authorized by laws and regulations to handle personal information in order to perform their statutory duties。

Act 3 Rules for cross-border provision of personal information

Article 38 Where a personal information processor needs to provide personal information outside the People's Republic of China due to business needs, it shall meet one of the following conditions:

(1) Pass the security assessment organized by the national cyberspace administration in accordance with the provisions of Article 40 of this Law;

(b) in accordance with the provisions of the national network information department by professional institutions for personal information protection certification;

(3) Enter into a contract with the overseas recipient in accordance with the standard contract formulated by the national cyberspace administration, and stipulate the rights and obligations of both parties;

(4) Other conditions stipulated by laws, administrative regulations or the national cyberspace administration。

Where there are provisions in international treaties or agreements concluded or acceded to by the People's Republic of China on the conditions for providing personal information outside the territory of the People's Republic of China, such provisions may be followed。

Personal information processors shall take necessary measures to ensure that the processing of personal information by overseas recipients meets the personal information protection standards stipulated in this Law。

Article 39 The personal information processor provides personal information outside the People's Republic of China,The individual shall be informed of such matters as the name or name of the overseas recipient, the contact information, the purpose and method of processing, the type of personal information, and the way and procedure for the individual to exercise the rights provided for in this Law to the overseas recipient,And obtain individual consent from the individual。

Article 40 Critical information infrastructure operators and personal information processors that process personal information in the amount prescribed by the national network information department shall store the personal information collected and generated within the territory of the People's Republic of China。If it really needs to be provided overseas, it shall pass the security assessment organized by the national network information department;Where laws, administrative regulations and the national network information department stipulate that security assessment may not be carried out, such provisions shall prevail。

Article 41 The competent authorities of the People's Republic of China shall, in accordance with relevant laws, international treaties and agreements concluded or acceded to by the People's Republic of China, or in accordance with the principle of equality and reciprocity, handle requests from foreign judicial or law enforcement agencies for the provision of personal information stored in China。Without the approval of the competent authorities of the People's Republic of China, the personal information processor shall not provide the personal information stored in the territory of the People's Republic of China to foreign judicial or law enforcement agencies。

Article 42 Overseas organizations and individuals engage in infringement of the personal information rights and interests of citizens of the People's Republic of China,Or personal information processing activities that endanger the national security and public interests of the People's Republic of China,The national network information department may include it in the list of restricting or prohibiting the provision of personal information,Make public,And take measures such as restricting or prohibiting the provision of personal information to them。

Article 43 Where any country or region adopts discriminatory prohibitions, restrictions or other similar measures against the People's Republic of China in respect of the protection of personal information, the People's Republic of China may, in light of the actual situation, take reciprocal measures against that country or region。

Act Four The rights of individuals in the processing of personal information

Article 44 Individuals shall have the right to know and decide on the processing of their personal information, and shall have the right to restrict or refuse the processing of their personal information by others;Except as otherwise provided by laws and administrative regulations。

Article 45 The individual has the right to access and copy his or her personal information to the personal data processor;Except in the circumstances provided for in Article 18, paragraph 1, and Article 35 of this Law。

Where an individual requests access to or copy his or her personal information, the personal information processor shall provide it in a timely manner。

If an individual requests the transfer of personal information to his or her designated personal information processor, and meets the conditions stipulated by the national network information Department, the personal information processor shall provide the means of transfer。

Article 46 If an individual finds that his personal information is inaccurate or incomplete, he shall have the right to request the personal information processor to correct or supplement it。

Where an individual requests to correct or supplement his personal information, the personal information processor shall verify his personal information and correct or supplement it in a timely manner。

Article 47 Under any of the following circumstances, the personal information processor shall take the initiative to delete the personal information;If the personal information processor does not delete it, the individual has the right to request deletion:

(1) the purpose of the processing has been achieved, cannot be achieved, or is no longer necessary to achieve the purpose of the processing;

(2) the personal information processor has stopped providing products or services, or the retention period has expired;

(3) Withdrawal of consent by the individual;

(4) Processing personal information in violation of laws, administrative regulations or agreements;

(5) Other circumstances provided for by laws and administrative regulations。

If the storage period prescribed by laws and administrative regulations has not expired, or it is technically difficult to delete personal information, the personal information processor shall stop processing it except for storage and taking necessary security protection measures。

Article 48 Individuals have the right to request the processors of their personal information to explain the rules governing the processing of their personal information。

Article 49 In the event of the death of a natural person, his close relatives may, for their own lawful and legitimate interests, exercise the rights of viewing, copying, correcting and deleting the relevant personal information of the deceased as provided for in this Chapter;Unless otherwise arranged before the death of the deceased。

Article 50 Personal information processors shall establish convenient mechanisms for accepting and processing applications for the exercise of individual rights。Refusing an individual's request to exercise his rights shall state the reasons。

Where a personal data processor refuses an individual's request to exercise his rights, the individual may bring a lawsuit in a people's court according to law。

Chapter Five Obligations of personal data processors

Article 51 Personal information processors should be based on the purpose of personal information processing, processing methods, types of personal information and the impact on personal rights and interests, possible security risks,Take the following measures to ensure that personal information processing activities comply with the provisions of laws and administrative regulations,And prevent unauthorized access and disclosure, tampering, loss of personal information:

(1) To formulate internal management systems and operating procedures;

(2) Implement classified management of personal information;

(3) Take appropriate security technical measures such as encryption and de-identification;

(4) Reasonably determine the operational authority of personal information processing, and regularly conduct safety education and training for employees;

(5) Formulate and organize the implementation of personal information security incident emergency plans;

(6) Other measures prescribed by laws and administrative regulations。

Article 52 A personal information processor that processes personal information in the amount specified by the national cyber information department shall designate a personal information protection officer who is responsible for supervising the personal information processing activities and the protection measures taken。

The personal information processor shall disclose the contact information of the person in charge of personal information protection, and submit the name and contact information of the person in charge of personal information protection to the department that performs the duty of personal information protection。

Article 53 Processing of personal information outside the People's Republic of China as specified in the second paragraph of Article 3 of this Law,Special agencies or designated representatives shall be established within the territory of the People's Republic of China,Responsible for handling personal information protection related matters,The name of the relevant institution or the name and contact information of the representative shall be submitted to the department performing the duty of personal information protection。

Article 54 Personal information processors shall conduct regular compliance audits on their compliance with laws and administrative regulations in handling personal information。

Article 55 Under any of the following circumstances, the personal information processor shall conduct a personal information protection impact assessment in advance and record the processing:

(1) Processing sensitive personal information;

(b) the use of personal information for automated decision-making;

(3) entrust processing of personal information, provide personal information to other personal information processors, disclose personal information;

(4) Providing personal information abroad;

(5) Other personal information processing activities that have a significant impact on the rights and interests of individuals。

Article 56 The personal information protection impact assessment shall include the following:

(1) whether the purposes and methods of processing of personal information are legal, legitimate and necessary;

(2) the impact on individual rights and interests and security risks;

(3) whether the protective measures taken are legal, effective and appropriate to the degree of risk。

Personal information protection impact assessment reports and records of processing should be kept for at least three years。

Article 57 In the event of or the possibility of leakage, alteration or loss of personal information, the personal information processor shall immediately take remedial measures and notify the departments and individuals responsible for the protection of personal information。The notice shall include the following matters:

(A) the personal information leakage, alteration, loss of information occurred or may occur, the type of information, the cause and the possible harm;

(2) Remedial measures taken by the personal data processor and harm mitigation measures that individuals can take;

(3) Contact information of the personal information processor。

If the personal information processor takes measures to effectively prevent the harm caused by information disclosure, tampering or loss, the personal information processor may not notify the individual;Where the department responsible for the protection of personal information considers that harm may be caused, it has the right to require the personal information processor to notify the individual。

Article 58 Personal information processors that provide important Internet platform services, have a large number of users, and have complex business types shall fulfill the following obligations:

(a) In accordance with the provisions of the State to establish a sound personal information protection compliance system system, the establishment of an independent body mainly composed of external members to supervise the protection of personal information;

(b) In accordance with the principles of openness, fairness and justice, formulate platform rules to clarify the standards for the handling of personal information by product or service providers within the platform and the obligations to protect personal information;

(3) To stop providing services to products or service providers within the platform that seriously violate laws and administrative regulations in processing personal information;

(4) Regularly release social responsibility reports on personal information protection and accept social supervision。

Article 59 A trustee entrusted to handle personal information shall, in accordance with the provisions of this Law and relevant laws and administrative regulations, take necessary measures to ensure the security of the personal information handled and assist the personal information processor in fulfilling the obligations provided for in this Law。

Act 6 The department that performs the duty of protecting personal information

Article 60 The national cyberspace administration is responsible for the overall coordination of personal information protection and related supervision and management。The relevant departments under The State Council shall be responsible for the protection, supervision and administration of personal information within the scope of their respective functions and duties in accordance with the provisions of this Law, relevant laws and administrative regulations。

The responsibilities of the relevant departments of the local people's governments at or above the county level for the protection, supervision and administration of personal information shall be determined in accordance with the relevant provisions of the State。

The departments provided for in the preceding two paragraphs are collectively referred to as the departments that perform the duties of personal information protection。

Article 61 Departments responsible for the protection of personal information shall perform the following duties for the protection of personal information:

(1) to carry out publicity and education on the protection of personal information, guide and supervise the processing of personal information to carry out personal information protection work;

(2) Receiving and handling complaints and reports related to the protection of personal information;

(C) organize the application and other personal information protection assessment, and publish the assessment results;

(4) investigating and dealing with illegal personal information processing activities;

(5) Other duties prescribed by laws and administrative regulations。

Article 62 The national cyberspace administration coordinates and coordinates relevant departments to promote the following personal information protection work in accordance with this Law:

(1) To formulate specific rules and standards for the protection of personal information;

(2) Formulate special personal information protection rules and standards for small personal information processors, processing sensitive personal information, and new technologies and applications such as face recognition and artificial intelligence;

(3) Support the research, development, promotion and application of secure and convenient electronic identity authentication technologies, and promote the construction of public services for online identity authentication;

(4) Promote the construction of a social service system for the protection of personal information, and support relevant institutions to carry out personal information protection assessment and certification services;

(5) Improve the working mechanism for personal information protection complaints and reports。

Article 63 The department performing the duty of personal information protection may take the following measures to perform the duty of personal information protection:

(1) To question the parties concerned and investigate the situation related to the processing of personal information;

(2) To consult and copy the contracts, records, account books and other relevant materials related to the parties' personal information processing activities;

(3) Conducting on-site inspections to investigate suspected illegal personal information processing activities;

(4) Inspect equipment and articles related to personal information processing activities;Equipment and articles proved to be used for illegal personal information processing activities may be sealed up or seized after a written report is submitted to the principal responsible person of the department and approval is obtained。

Departments that perform the duties of personal information protection shall perform their duties according to law, and the parties concerned shall provide assistance and cooperation, and shall not refuse or obstruct them。

Article 64 The department performing the duties of personal information protection is performing its duties,It is found that there is a great risk in the processing of personal information or a personal information security incident occurs,The legal representative or principal person in charge of the personal data processor may be interviewed in accordance with the prescribed authority and procedures,Or require personal information processors to entrust professional organizations to conduct compliance audits of their personal information processing activities。Personal information processors shall take measures as required to rectify and eliminate hidden dangers。

Departments performing the duty of personal information protection in the performance of their duties, found illegal handling of personal information suspected of crime, shall be transferred to the public security organs in a timely manner for handling according to law。

Article 65 Any organization or individual has the right to complain and report illegal personal information processing activities to the department that performs the duty of personal information protection。The department that receives the complaint or report shall handle it in a timely manner according to law, and inform the complainant of the result of the handling。

The department performing the duty of personal information protection shall publish the contact information for receiving complaints and reports。

Act 7 Legal responsibility

Article 66 Processing personal information in violation of this Law,Or processing personal information without fulfilling the personal information protection obligations provided for in this Law,The department responsible for the protection of personal information shall order it to make corrections,Give a warning,Confiscation of illegal gains,Applications that illegally process personal information,Order suspension or termination of the provision of services;recalcitrant,A fine of not more than one million yuan;The persons directly in charge and other persons directly responsible shall be imposed a fine of not less than 10,000 yuan but not more than 100,000 yuan。

Have the illegal acts specified in the preceding paragraph,serious,The department at or above the provincial level that performs the duty of personal information protection shall order correction,Confiscation of illegal gains,And a fine of not more than 50 million yuan or not more than 5 percent of the previous year's turnover,And may order the suspension of the relevant business or business rectification, notify the relevant competent department to revoke the relevant business license or business license;The persons directly in charge and other persons directly responsible shall be imposed a fine of not less than 100,000 yuan but not more than one million yuan,It may also decide to prohibit them from serving as directors, supervisors, senior managers and persons in charge of personal information protection of relevant enterprises for a certain period of time。

Article 67 Any illegal act as provided for in this Law shall be recorded in the credit file in accordance with the provisions of relevant laws and administrative regulations and shall be publicized。

Article 68 Where a state organ fails to perform its personal information protection obligations as provided for in this Law, it shall be ordered to make corrections by the organ at a higher level or by the department that performs the duties of personal information protection;The persons directly in charge and other persons directly responsible shall be given sanctions according to law。

Where a staff member of a department performing the duty of personal information protection neglects his duty, abuses his power or engages in malpractices for personal gain, if no crime is constituted, he shall be punished according to law。

Article 69 If the processing of personal information infringes on the rights and interests of personal information and causes damage, the personal information processor cannot prove that he is not at fault, he shall bear the tort liability such as damages。

The liability for damages provided for in the preceding paragraph shall be determined on the basis of the loss suffered by the individual or the benefit gained by the person processing the personal information;If it is difficult to determine the loss suffered by the individual and the benefits gained by the personal data processor, the amount of compensation shall be determined according to the actual situation。

Article 70 Where a personal information processor violates the provisions of this Law by processing personal information and infringes upon the rights and interests of a large number of individuals, the people's Procuratorate, a consumer organization as prescribed by law or an organization determined by the cyberspace administration of the State may bring a lawsuit in a people's court according to law。

Article 71 Whoever violates the provisions of this Law and constitutes an act violating the administration of public security shall be punished for the administration of public security according to law;If the case constitutes a crime, criminal responsibility shall be investigated according to law。

Act 8

Article 72 This Law shall not apply to natural persons handling personal information for personal or family affairs。

Where laws have provisions on the handling of personal information in the statistical and archival management activities organized and implemented by the people's governments at various levels and their relevant departments, such provisions shall apply。

Article 73 The meaning of the following terms in this Law:

(1) The term "personal information processor" refers to an organization or individual who independently decides the purpose and method of processing in the processing of personal information。

(2) Automated decision-making refers to the activity of automatically analyzing and evaluating an individual's behavior habits, interests, or economic, health, credit status through a computer program, and making decisions。

(c) De-identification refers to the process by which personal information is processed so that it cannot be identified by a specific natural person without the aid of additional information。

(4) Anonymization refers to the process in which personal information cannot be identified by a specific natural person after processing and cannot be restored。

Article 74 The act itself2021111With immediate effect。

Add: No.5 Jianshe South 1st Road, Shenbei New District, Shenyang, Liaoning, China Zip Code: 110122

Office telephone: 024-89708710 Enrollment telephone: 89708729 Employment telephone: 89715595

Site construction and maintenance: Information Technology Center

Copyright: Liaoning College of Communications   Liao ICP No. 15018630


  • Scan code to enter Weibo

  • Scan code and follow official wechat