事关网民个人信息保护!两部门公开征求意见
Yang Shi Xin Wen Ke Hu Duan·2025-11-23 01:13

Core Viewpoint - The National Internet Information Office and the Ministry of Public Security have drafted the "Regulations on Personal Information Protection for Large Internet Platforms (Draft for Comments)" to solicit public opinions, focusing on the responsibilities of large internet platform service providers in protecting personal information [1][2]. Group 1: Definition and Responsibilities - Large internet platform service providers are defined based on criteria such as having over 50 million registered users or 10 million monthly active users, providing significant network services, and handling data that could impact national security and public interests if compromised [1][2]. - These providers must appoint a personal information protection officer who is a member of the management team, a Chinese national, and has at least five years of relevant experience [2]. Group 2: Protection of Sensitive Information - The draft emphasizes strict protection of sensitive personal information, particularly that of minors, and mandates that service providers bear the primary responsibility for data security [2][3]. - Providers are required to store personal information collected within China domestically, with specific conditions for any data transferred abroad [2]. Group 3: Establishment of Protection Mechanisms - Service providers must establish dedicated personal information protection work institutions to implement internal management systems, conduct risk assessments, and handle complaints related to personal information protection [3]. - They are also required to publish an annual social responsibility report on personal information protection [3]. Group 4: User Rights and Data Transfer - Large internet platform service providers must facilitate users' rights to access, copy, correct, delete, and transfer their personal information, providing methods for account cancellation and consent withdrawal [4][5]. - Upon receiving a request for data transfer, providers must complete the transfer within 30 working days and inform users of the outcome through various communication methods [5].