The “Shenzhen Special Economic Zone Data Regulations” announced today that it prohibits the use of APPs without full authorization

Another result of Shenzhen’s implementation of comprehensive reform pilots – the “Shenzhen Special Economic Zone Data Regulations” (hereinafter referred to as the “Regulations”) was announced today on the website of the Standing Committee of the Municipal People’s Congress, and will be implemented from January 1 next year. This is the domestic data field. The first basic and comprehensive legislation. The “Regulations” insist on paying equal attention to the protection of personal information and the promotion of the development of the digital economy. The APP that citizens hate “will not be used without full authorization”, “killed” big data, willful collection of personal information, and mandatory personalized advertising recommendations. No,” and he was given a heavy penalty.

Yesterday afternoon, the Standing Committee of the Municipal People’s Congress held a meeting to interpret the regulations.

  Personal data processing rules are premised on “notice-consent”

The number of Internet users in my country has reached 900 million, and there are millions of applications. For a long time, some apps have collected personal information excessively and forced users to authorize. In response to this problem, the Regulations establish personal data processing rules based on the premise of “notification-consent”, that is, the processing of personal information should obtain individual consent under the premise of full notification in advance, and the data processor should provide a way to withdraw consent, and must not Unreasonably restrict or impose unreasonable conditions on the withdrawal of consent.

Currently, some mobile Internet applications (APPs) bundle the collection of personal data with their functions or services through a “package agreement”, and users cannot use the APP without agreeing to the full authorization. Many users are often forced to accept the “package agreement”, which seriously undermines the user’s decision-making power as the subject of personal data. To this end, the Regulations specifically stipulate that data processors shall not refuse to provide relevant core functions or services to natural persons on the grounds that they do not agree to process their personal data. However, the personal data is not necessary to provide the relevant core functions or services.

  Users have the right to refuse to be profiled and recommended

Many citizens have the experience of buying something online, and they are frequently pushed to advertise related products. The relevant person in charge of the Standing Committee of the Municipal People’s Congress said that the application of user portraits and personalized recommendation provides people with more accurate and personalized products and services, but it also brings some negative effects, which should be regulated. The “Regulations” stipulate that, for the purpose of improving the quality of products or services, data processors who create user portraits of natural persons shall clearly state to them the specific purposes and main rules of the user portraits. Natural persons have the right to refuse to recommend personalized products or services based on their user portraits or basic user portraits, and data processors should provide them with an effective way to refuse in an easily accessible way.

The “Regulations” treat the personal data of minors under the age of fourteen as sensitive personal data, which is clearly defined in domestic legislation for the first time, except in order to protect the legitimate rights and interests of minors under the age of fourteen and obtain the express consent of their guardians , to whom no personalized recommendations may be made.

  “Face Recognition” is not mandatory

Biometric technologies such as “face recognition”, “fingerprint verification”, “voice unlock” and “iris recognition” are widely used in public security, finance, medical care, transportation, schools, payment and other scenarios, profoundly changing people’s production and lifestyle. However, because biometric data is unique, lifelong, and immutable, once it is leaked or abused, it will cause more serious damage than general personal data.

In order to expand the application of biometric technology and avoid the abuse of biometric data, the Regulations make stricter regulations on the processing of biometric data – except that the biometric data is necessary and irreplaceable for the purpose of processing personal data, it should be While offering alternatives for processing other non-biometric data.

 Public data should be free and open to the greatest extent possible

The public data resources held by various government departments contain a huge amount of economic information. Through value-added development, it can not only bring convenience to citizens, but also generate huge economic benefits. The “Regulations” designed the top-level framework for public data governance, requiring the government to establish an urban big data center to achieve unified and intensive management of the city’s public data resources. It is clear that the principle of sharing public data is to be the exception, and no sharing is the exception, and a public data sharing demand docking mechanism based on the public data resource catalog system is established.

The “Regulations” clearly include organizations that provide public services such as education, health, social welfare, water supply, power supply, water supply, environmental protection, and public transportation into the scope of public management and service institutions, and the data generated and processed in the process of providing services are all public data. . Public data should be open to the maximum extent permitted by laws and regulations, and no fees should be charged.

Big data “killing” can be fined up to 50 million yuan

On the basis of strengthening the protection of personal data, the “Regulations” explore the cultivation of the data element market. While filling the gaps in the current legal norms related to data transactions, it is the first domestic legislation to establish a system related to fair data competition, aiming at “free riders” in the data element market. Special regulations have been made on competition chaos such as “earning for nothing” and “big data killing”.

The Regulations clearly stipulate that market players shall not use illegal means to obtain data on other market players, shall not illegally collect data on other market players to provide alternative products or services, and shall not discriminate against counterparties with the same trading conditions through data analysis without justifiable reasons. . Those who refuse to make corrections in violation of the above provisions shall be fined not less than 50,000 yuan but not more than 500,000 yuan; if the circumstances are serious, a fine of not more than 5% of the previous year’s turnover shall be imposed, with a maximum of not more than 50 million yuan.

The Links:   SP12N002 VI-2W1-EY