事关每名网友！国家网信办、公安部，公开征求意见

Core Points - The National Internet Information Office and the Ministry of Public Security have drafted the "Regulations on Personal Information Protection for Large Internet Platforms (Draft for Public Consultation)" to standardize personal information processing activities and protect individual rights [1][4][20] - The draft is open for public feedback, aiming to promote healthy development of the platform economy while ensuring compliance with existing laws [1][4][20] Summary by Sections General Provisions - The regulations are designed to protect personal information rights and promote lawful and reasonable use of personal data [4] - Applicable to large internet platforms operating within the People's Republic of China, with specific criteria for identification based on user registration and active user metrics [6][4] Responsibilities of Large Internet Platforms - Platforms must adhere to principles of legality, necessity, and integrity in personal information processing, ensuring the protection of sensitive data and minors' information [6][4] - Platforms are required to appoint a personal information protection officer with relevant expertise and experience [5][6] Personal Information Protection Officer Duties - The officer must guide compliance with personal information processing regulations and participate in decision-making related to data handling [8][7] - They are responsible for monitoring data processing activities and reporting any significant risks or violations to relevant authorities [8][7] Data Storage and Management - Personal information collected within China must be stored domestically, with strict conditions for any data transferred abroad [11][12] - Data centers must meet specific criteria, including being located within China and having qualified management [12][11] Compliance and Auditing - Platforms are encouraged to conduct regular compliance audits and risk assessments, potentially involving third-party organizations [15][16] - In cases of significant data breaches or violations, platforms may be required to undergo external audits [16][17] Rights of Individuals - Individuals must be provided with easy methods to access, correct, or delete their personal information, and platforms must respond to such requests within specified timeframes [14][13] - Platforms can charge reasonable fees for repeated requests for data transfer [15][14] Reporting and Accountability - Platforms must report changes in their personal information protection officers and related structures within a specified timeframe [10][10] - Authorities will pursue accountability for any violations of these regulations, including potential criminal liability for severe breaches [18][18]