First of all, China’s laws directly protect personal information
Through the search engine of the National Laws and Regulations Database on the National People’s Congress website, we found that my country’s laws, regulations, rules and jurisdictions directly protect “personal information” The number of interpretations is quite limited, among which only the "Passport Law of the People's Republic of China", the "Nationality Law of the People's Republic of China" and the "National Identity Card Law" directly provide for the protection of "personal information". Paragraph 3 of Article 12 of the "Passport Law of the People's Republic of China" (passed on April 29, 2006 and implemented on October 1, 2007) stipulates: "The passport-issuing authority and its staff shall "Personal information of citizens known to them while obtaining a passport shall be kept confidential." Article 20 stipulates: "If a staff member of a passport-issuing agency commits any of the following acts during the process of applying for a passport, he or she shall be subject to administrative sanctions in accordance with the law; if a crime is constituted, criminal liability shall be pursued in accordance with the law: … (5) Disclosure of citizens’ personal information obtained through the production and issuance of passports, infringing upon citizens’ legitimate rights and interests…” “Resident Identity Card Law of the People’s Republic of China” (passed on June 28, 2003, effective on June 30, 2004 ) Paragraph 3 of Article 6 stipulates: "Article 19 stipulates: "If the people's police commit any of the following acts, they shall be given administrative sanctions according to the seriousness of the case; if they constitute a crime, they shall be held criminally responsible in accordance with the law.
There are only the following issues directly mentioned in administrative regulations, departmental rules and judicial interpretations with normative effect across the country: (1) "National Informatization Development Strategy 2006-2020". Item 5 of Article 6 of the development strategy puts forward the requirement of “promoting the construction of the legal system for information technology” and proposes: “Accelerate the construction of the legal system for information technology, properly handle the relationship between the formulation, modification and abolition of relevant laws and regulations, formulate and improve information infrastructure, Laws and regulations on e-commerce, e-government, information security, government information disclosure, and personal information protection create a good legal environment for the development of information technology, and timely amend and improve intellectual property rights, protection of minors, and electronic evidence based on the needs of information technology applications. and other aspects of laws and regulations. Strengthen international exchanges and cooperation in the construction of information-based legal systems, and actively participate in the research and formulation of relevant international rules; (2) "Internet Bulletin Board Service Management Regulations" (passed on October 8, 2000, on the same day. Implementation). Article 12 of the "Management Regulations" stipulates: "Bulletin board service providers shall keep Internet users' personal information confidential and shall not disclose it to others without the consent of Internet users, unless otherwise provided by law. (3) "Emergency Notice of the Supreme People's Court and the Supreme People's Procuratorate on Effectively Ensuring Judicial Personnel's Performance of Duties in accordance with the Law" (Fafa [2005] No. 173) (issued on August 25, 2005 and effective on the same day). Article 6 of the notice, "Strengthen the construction of the judicial police team and confidentiality work, and do a good job in publicity and education" states: "...strengthen the confidentiality of cases, and it is strictly prohibited to violate the regulations to disclose the case situation and the communication methods, addresses and other personal information of the investigators.
Those who leak secrets should be severely punished in accordance with the relevant provisions of the "Measures for Disciplinary Punishment of the People's Courts" and the "Regulations on Disciplinary Punishment of Prosecutors"..." In addition, in a few local regulations, there are occasionally direct provisions involving the protection of personal information. For example, Article 49 of the "Beijing Regulations on the Protection of Minors" revised in 2003 stipulates: "...without the consent of the minor's guardian, no organization or individual may collect, use, or publish the information of minors on the Internet. personal information. "On February 23, 2003, 65438, Shanghai passed local regulations on personal credit information - the Shanghai Trial Measures for the Management of Personal Credit Information, which made detailed provisions on the collection, processing and provision of personal credit information.
Especially in 2005, the People's Bank of China passed special department regulations for the management and protection of personal credit information - "Interim Measures for the Management of Basic Database of Personal Credit Information" (adopted on June 16, 2005, June 2005 Effective on the 10th). The Measures include seven chapters: general provisions, submission and sorting, inquiry, objection handling, security management, penalties and supplementary provisions, and provide detailed provisions on the collection, processing, utilization and circulation of personal credit information. This approach largely follows the principles of collection restriction, information quality, purpose specificity, use restriction, security, openness, personal participation and responsibility, although there are still some flaws in the content and responsibility. Loopholes, such as the lack of a seizure system for disputed information, a civil compensation system for personal damage caused by wrong information, etc., but in any case, we can regard this method as a milestone in the history of our country's personal information protection legislation, and it created a special field in our country The first legislation to protect personal information.
Second, Chinese laws provide indirect protection for personal information.
In addition to the above-mentioned laws and regulations that explicitly protect personal information, there are also some laws and regulations in my country. The law protects personal information by stipulating personal dignity, personal privacy, personal secrets and other categories related to personal information. In terms of fundamental law, our country's Constitution (1982) states that "citizens' personal dignity shall not be violated" and "citizens' residences shall not be violated." , "citizens' right to freedom of communication and communication confidentiality", "the state respects and protects human rights" and other relevant provisions can be interpreted as the constitutional basis for personal information to be protected by law. There are also some or more in the country's basic departmental laws. There are few, explicit or implicit legal provisions related to the protection of personal information. For example, the "General Principles of the Civil Law" (1986) stipulates that "the personal dignity of citizens shall be protected by law"; the Criminal Law (1997) states that "infringement of the personal rights of citizens". In the special chapter on "rights and democratic rights", "illegal searches of other people's bodies and homes, or illegal intrusion into other people's homes" and "infringement of citizens' freedom of communication" are clearly classified as crimes; the Civil Procedure Law (1991) stipulates that "anything involving personal privacy" "Cases shall not be heard in public"; the "Criminal Procedure Law" stipulates that "cases involving personal privacy shall not be heard in public" and "criminal cases involving minors over the age of 14 but under the age of 16 shall not be heard in public." Cases involving crimes committed by minors over the age of 16 but under the age of 18 are generally not heard in public. "
As for the indirect protection of personal information, in addition to the above-mentioned fundamental national laws and basic departmental laws, there are also many departmental laws or administrative regulations, rules and judicial interpretations that are easily overlooked. In the special case of women and children's personal information Protection: The "Women's Rights and Interests Protection Law" (1992) stipulates that "women's personal dignity is protected by law"; the "Minor Protection Law" (1991) stipulates: "Respect the personal dignity of minors", "Any organization and individual The personal privacy of minors shall not be disclosed"; the "Maternal and Infant Protection Law" (1994) stipulates that "personnel engaged in maternal and infant health care shall strictly abide by professional ethics and keep the confidentiality of the parties concerned."
In terms of personal medical information: the "Law of Practicing Physicians" (1999) stipulates that "physicians shall not disclose health information obtained during the treatment process"; the "Regulations on Medical Records Management of Medical Institutions" (2002) requires that "except for medical personnel who carry out diagnosis and treatment activities for patients Except for medical service quality monitoring personnel, no institution or individual is allowed to access patients' medical records without authorization." The "Regulations on Handling Medical Accidents" (2002) further requires that "when medical institutions copy or copy medical records, the patient should be present"; "Infectious Diseases" The Law on Disease Prevention and Treatment (2004) prohibits "intentional disclosure of personal privacy-related information and materials of patients with infectious diseases, pathogen carriers, suspected patients with infectious diseases and their close contacts"; "Opinions on the Management of People Infected with HIV and AIDS Patients" "(1995) stipulates: "Personnel engaged in the diagnosis, treatment and management of HIV-infected and AIDS patients shall not disclose relevant information to unrelated persons. No unit or individual shall publish or disseminate the names and addresses of HIV-infected and AIDS patients. and other personal information. "In terms of personal communication information: "Postal Law" (1986) stipulates: "Postal enterprises and postal staff shall not provide information about users' use of postal services to any organization or individual"; NPC Standing Committee on Maintaining Internet Security The Decision (2000) prohibits "illegal interception, tampering or deletion of other people's emails or other data"; the "Regulations on Technical Measures for Internet Security Protection" (2005) stipulates: "Internet service providers and Internet users should establish corresponding management systems . User registration information shall not be disclosed or disclosed without the consent of the user, unless otherwise provided by laws and regulations. "In terms of personal financial information, the "Commercial Bank Law" stipulates that "commercial banks shall follow the principle of confidentiality for depositors." Banks have the right to refuse any unit or individual to inquire, freeze, or deduct personal savings deposits, except as otherwise provided by law." The "Regulations on the Real-Name System for Personal Deposit Accounts" stipulates that "Except as otherwise provided by laws and regulations, financial institutions shall not provide any information to any person. Organizations and individuals provide personal deposit account information." In terms of lawyer practice: the "Lawyers Law" (2001) stipulates that "lawyers shall keep the privacy of clients that they know during their practice activities"; the "Lawyers' Practice Guidelines" (2004) stipulate that "lawyers must keep the personal privacy of clients" . In terms of archive information, the "Archives Law" stipulates: "All state agencies, armed forces, political parties, social groups, enterprises, institutions and citizens have the obligation to protect archives."
Third, information controllers Self-regulatory mechanism for personal information protection
Due to the current lack of specific and unified personal information protection legislation in my country, some information controllers collect, process and utilize personal information in order to enhance the confidence of their counterparties. and transmission, further promote greater development of relevant industries, and unilaterally make commitments to protect personal information or formulate internal codes of conduct to protect personal information. This is a typical self-regulatory measure taken by information controllers to protect personal information. Information controllers in my country who take such self-regulatory measures to protect personal information are mainly concentrated in the non-public sector, especially some large commercial websites, and of course operators in other industries such as banks. The following are some typical self-regulatory measures taken by controllers of non-public sector information to protect personal information.
The well-known comprehensive website "Sina.com" states its "Privacy Protection" policy on its homepage. This privacy protection policy typically reflects the self-regulatory measures currently taken by website operators, so this article briefly introduces it. In its privacy protection policy, Sina.com first states: "Privacy is your important right. Providing us with your personal information is based on your trust in us. I believe that we will treat your personal information responsibly. We We believe that the information you provide can only be used to help us provide you with better services. Therefore, we have formulated Sina's personal information confidentiality system to protect your personal information. "Sina's self-discipline measures for personal information protection generally include the following. Content: 1. Types of personal information collected by this website. "Generally, you can access our sites anonymously and obtain information. Before we ask you to provide relevant information, we will explain the purpose of this information. Some of our sites require registration to join.
Generally, such registration only requires you to provide an email address and some basic information such as your job and position. Sometimes we will ask you to provide more information. We do this to better understand your needs and provide you with effective services. Information collected on our website includes name, address and telephone number. You have the right to decide not to accept any information provided by us at any time. "Second, regarding the protection and use of sensitive personal information. "We will take appropriate measures to protect your privacy. Whenever you provide us with sensitive information, we will take reasonable steps to protect your sensitive information, and we will also take reasonable security measures to protect stored personal information. We will not provide any of your personal information to unrelated third parties (including companies or individuals) without your permission, except in accordance with legal or government compulsory regulations. However, if you ask us to provide specific customer support services or ship certain items to you, we will need to provide your name and address to a third party (such as a shipping company). Our website will provide links to third party websites. Since we have no control over these websites, we recommend that you carefully read the personal information privacy policies of these third-party websites. "Third, the privacy protection principles of this website. (1) Whenever Sina needs to identify you or contact you, it will explicitly ask for the required information, that is, personal data. Generally speaking, when you register on the website, You will be asked for this information when requesting special services or participating in prize competitions. If possible, Sina will use some methods to confirm the accuracy and timeliness of your personal information. (2) Sina website and its necessary information. Service partners use your personal data to operate the website and services and will notify you of various new features and services, as well as various products of Sina.com and its affiliates. Sina will also carefully select product or service materials from other companies. To you, usually in connection with the service of the website itself, but this is not required (only for secondary use) (3) If Sina wishes to use personal data for secondary purposes, Sina will provide you with how to refuse this service. Instructions. You may terminate the sending of these letters according to the instructions on the information or promotional correspondence sent to you by Sina.com. (4) Sina.com may disclose personal data as required by law or in the good faith belief that doing so is necessary. Legal notice or to comply with legal process applicable to Sina.com; to protect the rights or property of Sina users; in emergency situations, to protect the personal or public safety of Sina and its users (5) At any time, if you believe that Sina has not. To comply with these principles, please notify us by email at privacy@staff Sina.com and we will make every effort to promptly improve this issue within reasonable and appropriate scope. "Fourth, Use of Cookies." The Sina website sometimes uses cookies to allow us to do so. Know which websites are popular so that you can get better service when you visit our website. Cookies do not track personal information. In this case, we will also use cookies. Save useful information so that our website can identify you when you visit our website again. The cookies of Sina website can only be read by Sina website. If your browser is set to reject cookies, you can still visit. Most of our websites. "Fifth, updates on personal information and privacy protection policy. "If your address, position (title), phone number or email address changes, you can change it according to the information published on the Sina website. Contact Sina to help us maintain the accuracy of your information. You can also update your personal information by logging into the update member information section on the Sina user registration page. Sina welcomes your comments and questions about this confidential system. We are committed to protecting your personal information and doing our best to ensure the security of this information. Due to the rapid development of online technology, we will update our information confidentiality system at any time. "
In banking business, Some banks have developed relevant internal regulations to protect customers' personal information.
In 1999, the Industrial and Commercial Bank of China issued the "Industrial and Commercial Bank of China Employees' Code of Conduct", which stipulates that ICBC employees should "strictly keep customer confidentiality. Employees are obliged to keep the information provided by customers confidential to safeguard the legitimate rights and interests of customers. Unless they can be provided in accordance with the law or through the customer Except for agreed information, employees have no right to disclose customer information without authorization. Unless necessary for work, do not talk about customers with colleagues. When communicating or transmitting business information over the phone or electronically, you should pay attention to protecting the security of customer information when answering inquiries about credit status. , shall be responsible for both the consultant and the customer. The data provided by the other party shall not exceed the scope permitted by the bank. Unrelated persons shall not have access to customer information at will, and shall not provide customer information to the public security bureau, procuratorate, court and other judicial authorities. , must have complete procedures issued by the public security and judicial departments, and strictly follow the prescribed procedures. It is strictly prohibited to disclose or provide customer information to relatives and friends. "In 2002, China Construction Bank issued the "China Construction Bank Personal VIP Customer Service Management Measures (Trial)". , stipulates: "Banks at all levels must establish files for each VIP customer, record the customer's personal data and service information, and shall not omit them." "Banks at all levels must properly keep customer files. Unless required by law or permitted by the customer, any unit And individuals are not allowed to disclose or disclose customer personal assets, account transactions and other customer information to the public.”
Fourth, industry self-discipline mechanism for personal information protection
In China, the Internet industry serves as the information industry. An important part of the industry has paid great attention to the increasingly serious threats to personal information. In China, the Internet industry is mainly the industry that adopts self-regulatory measures for personal information protection. In 2002, the Internet Society of China promulgated the "China Internet Industry Self-Discipline Convention", advocating for Internet industry practitioners to join the Convention, requiring members to "consciously safeguard the legitimate rights and interests of consumers and keep user information confidential; and shall not use the information provided by users to engage in any "At the same time, we agree that the Internet Society of China will be responsible for organizing the implementation of the Convention and delivering information on laws, policies and industry self-discipline of the Internet industry to members of the Convention." , promptly report the wishes and requirements of member units to the competent government departments, safeguard the legitimate interests of member units, organize the implementation of self-discipline in the Internet industry, and supervise member units' compliance with the convention.
As an important means to implement the self-regulatory mechanism of the personal information protection industry, industry self-regulatory logos have also appeared in China. However, with the rapid development of China's Internet industry, a series of discordant notes are hidden behind the rapid growth of the industry: the proliferation of spam, viruses, malware, online language violence, online pornography and other phenomena have prevented netizens from freely enjoying the Internet. life, their basic rights and interests have been seriously violated. June 165438, 2006 On October 1, the Internet Society of China, the Illegal and Bad Information Reporting Center, the Anti-Spam Information Center, the Evening News Association, and Qihoo Company officially announced that the first Internet charity brand "Clean Blue Ribbon" was officially launched. As a symbol of eliminating malicious behavior on the Internet, the clear blue ribbon is used to promote the message of "purifying the Internet space and working hard to combat cybercrime, everyone is responsible" and calls for "saving vulnerable groups on the Internet and putting an end to malicious behavior on the Internet." The blue ribbon symbolizes the ties that closely connect relevant government agencies, Internet companies and netizens. * * * It is a symbol of the country's concern and support for the healthy development of the Internet industry, a symbol of netizens' love for the Internet and their desire for a pure Internet space, and a symbol of Internet companies' commitment to pay attention to the feelings of netizens and abide by self-discipline.
In addition, different government departments use online government affairs, and a large number of citizens submit various aspects of information through the Internet. If there is no personal information protection policy, they will be willing to invade personal information. "I strongly agree with this statement.
It is precisely because of the current situation of the personal information protection mechanism that personal information is frequently threatened in our social life. In the face of this situation, in addition to strengthening self-protection and advocating In addition to the construction of a self-regulatory mechanism for personal information protection, more and more people hope that our country can formulate a special law in the field of personal information protection. In fact, from the perspective of building a legal society, whether it is to strengthen the self-protection of information subjects, Whether we advocate the establishment of a self-regulatory mechanism for personal information protection or the formulation of a personal information protection law, we should focus on observing and understanding it from the perspective of civil law protection of personal information. Although criminal law and administrative law can play an important and indispensable role in protecting personal information. But it can also prevent the infringement of personal information to a certain extent, while criminal law focuses on punishment and administrative management and has a limited role in confirming the rights of information subjects and providing comprehensive relief afterwards.
First of all, The self-help system in civil law can be used to strengthen the rights of information subjects to protect their personal information. In a society governed by the rule of law, although self-help is not allowed in principle, when it is too late to take public relief measures and the rights are in danger of being infringed, The law allows limited use of self-service, and information subjects can protect their personal information through legitimate defense or self-service within the scope permitted by law.
Secondly, as far as the self-regulatory mechanism is concerned, if the information controller voluntarily and unilaterally. If the controller makes a commitment to information protection, this behavior can be judged as a legal act with effective conditions under civil law. Once the conditions are met, that is, the information subject's information is controlled by the promisee, the information controller's commitment will become legally effective. , at this time, the information controller shall bear the information protection obligations it has promised; if an industry self-regulatory organization makes a commitment to personal information protection, it can be regarded as a commitment to information protection by all information controllers who join the self-regulatory organization. In this way, the effective conditions can also be used. To explain and deal with the relevant theories of legal behavior.
In addition, if we start from the social basis of the growth of civil law-the theory of civil society, industry organizations are an important part of modern civil society. It is an important part of state power and citizens. As a buffer zone between rights, the important role of industry organizations in protecting personal information cannot be underestimated. Finally, although the content of the Personal Information Protection Law is inseparable from the administrative protection and criminal protection of personal information, it is the most powerful for information subjects. The most substantive protection is to give them corresponding rights through the "Personal Information Protection Law", so that information subjects can use their own rights to resist improper interference by public power in their personal information and balance conflicts with other private rights subjects. When other people's personal information is improperly infringed, the law can impose civil liability on the infringer so that the infringed information subject can receive comprehensive relief and compensation.