Children’s personal information network protection regulations
The National Internet Information Office Order No. 4 "Children ‘s Personal Information Network Protection Regulations" has been approved by the National Internet Information Office, which is now announced, and will be implemented from October 1, 2019.
Director Zhuang Rongwen, on August 22, 2019, Article 1 In order to protect children’s 上海桑拿品茶 personal information security, promote child healthy growth, according to the Law of the People’s Republic of China, the Law of the People’s Republic of China Regulations, this provision is established.
Article 2 This statement is known as a child refers to a minor of the 14th and older. Article 3 The provisions are applied to activities such as collecting, storage, use, transfer, disclosing children’s personal information through the Internet in the territory of the People’s Republic of China. Article 4 Any organization and individual must not produce, release, and disseminate information on the safety of children’s personal information. Article 5 Children’s guardians shall correctly perform their monitoring duties, and education to guide children to enhance personal information protection awareness and ability to 上海水磨干磨工作室 protect children’s personal information. Article 6 Encourage Internet Industry Organization to guide network operators to formulate industry norms, conduct, etc., strengthen self-discipline, and fulfill social responsibility.
Article 7 If the network operator collects, stores, uses, transfer, discloses the personal information of children, and should follow the principles of justified, informed consent, and purpose, security, and use according to law.
Article 8 Network operators shall set up specialized children’s personal information protection rules and user agreements, and designate specialists responsible for children’s personal information protection.
Article 9 Network operators collect, use, transfer, disclose children’s personal information, and should inform the child guardian in a significant, clear manner, and the consent of children’s guardians should be obtained. Article 10 When the network operator acquires agreed, it shall also provide the refusal option, and clearly inform the following: (1) Collection, storage, use, transfer, disclose the purpose, way and range of children’s personal information; (2) Children The location, time limit and expiration of the information store; (3) Safety assurance measures for children’s personal information; (4) Rejected consequences; (5) Corporation and way of complaints, reporting channels; (6) correction, delete children Personal information pathway and method; (7) Other matters that should be told.
If the information specified by the preceding paragraph is substantial, the consent of children’s guardians should be obtained again.
Article 11 If the network operator shall not collected a child personal information that is not related to the services provided, it shall not violate the laws and administrative regulations and the agreement of the two parties to collect children’s personal information.
Article 12 Network operators store children’s personal information, and must not exceed the deadlines necessary to achieve their collection and use purposes.
Article 13 Network operators shall take measures such as encryption to store children’s personal information to ensure information security.
Article 14 The personal information of online operators uses children and must not violate the laws and administrative regulations and the purposes of the two parties.
Due to business needs, it is necessary to exceed the purpose of the agreed, and the consent of the child guardian should be obtained again.
Article 15 Network operators shall strictly set information access rights to their staff, strictly set information access, and control the scope of personal information of children. If the staff visits the child’s personal information, it should pass the person in charge of the child’s personal information protection or its authorized management personnel, and record access, and take technical measures to avoid illegal replication, downloading children’s personal information.
Article 16 If the network operator entrusts the personal information of the third party to handle the personal information of the child, it shall conduct safety assessments, sign the entrusted act, and identify the responsibility, handling of the two sides, delegation, dedication, and dedication. Behavior must not exceed the scope of authorization. The committee prescribed by the preceding paragraph shall perform the following obligations: (1) Treatment of children’s personal information in accordance with the provisions of law, administrative regulations and network operators; (2) Assist network operators to respond to the application for children’s guardians; ) Take measures to ensure information security, and timely feedback to network operators in time; (4) Delegation to delete children’s personal information in time; (5) Do not turn to commission; (6) Other law Children’s personal information protection obligations should be fulfilled.
Article 17 If the network operator transfers the child’s personal information to third parties, it shall be self-organized or commissioned a third-party agency for safety assessment.
Article 18 Network operators shall not disclose children’s personal information, but the laws and administrative regulations shall disclose or may be disclosed in accordance with the agreement with children’s guardians. Article 19 Children or their guardians have been discovered that there is a mistake in the collection, storage, use, and disclosure of network operators, and have the right to request network operators to correct. Network operators should take measures to be corrected in time. Article 20 Children or their guardians require network operators to delete their collection, storage, use, disclosure of children’s personal information, network operators should take measures to delete, including but not limited to the following scenarios: (1) Network operators Violation, administrative regulations or the agreement, storage, use, transfer, disclosure of children’s personal information; (2) The scope of the estimate or the necessary period is collected, stored, used, transferred, disclosed children’s personal information; ) Children’s guardian withdraw agreed; (4) Children or their guardians terminate the use of products or services by logout.
Article 21 The network operator finds that the child’s personal information or may have leaks, destroyed, lost, and should immediately start the emergency plan, take remedial measures; if you causing serious consequences, you should immediately report to the relevant competent department, and Inform the affected children and their guardians in email, letters, telephones, push notifications, etc.
Article 22 The network operator shall cooperate with the supervision and inspection of the Neticon Department and other relevant departments. Article 23 If a network operator stops operating a product or service, the activities of collecting children’s personal information should immediately stop the personal information of the child’s personal information, and the notice of the child’s personal information should be immediately stopped, and the notice of the suspension of the child will inform the child guardian in a timely manner. Article 24 Any organization and individual find a violation of this provision, and can report to the Nets and other relevant departments. If the Net Letter Department and other relevant departments receive related reports shall be processed in a timely manner.
Article 25 The network operator implements the child’s personal information security management responsibility, there is a large security risk or a safety incident, and the network operator shall be based on the responsibilities. The network operator should take measures to carry out rectification, eliminate Hidden dangers. Article 26 If the Net Letter Department and other relevant departments shall be processed according to the relevant laws and regulations such as the "Internet Information Service Management Measures" of the "Internet Information Service Management" of the People’s Republic of China; constitute a crime, investigate criminal responsibility.
Article 27 If this provision is investigated for legal responsibility, it shall be credited to the credit file in accordance with relevant laws and administrative regulations, and will be publicized. Article 28 Automatically retain processing information through the computer information system and cannot identify the information of the remaining processing belongs to the child’s personal information, and is implemented in accordance with other relevant regulations.
Article 29 These Provisions shall be implemented from October 1, 2019.