重磅！两部门征求意见

Core Viewpoint - The article discusses the public consultation on the draft regulations for personal information protection on large internet platforms, initiated by the National Internet Information Office and the Ministry of Public Security, aiming to standardize personal information processing activities and protect individual rights while promoting healthy platform economic development [1][3]. Summary by Sections Introduction - The draft regulations are based on existing laws such as the Personal Information Protection Law, Data Security Law, and Cybersecurity Law, and are intended to regulate personal information processing on large internet platforms [3][5]. Definition of Large Internet Platforms - Large internet platforms are identified based on criteria including having over 50 million registered users or 10 million monthly active users, providing significant network services, and handling data that could impact national security or public interest if compromised [6]. Responsibilities of Large Internet Platforms - Platforms must adhere to principles of legality, necessity, and integrity in processing personal information, appoint a dedicated personal information protection officer, and ensure the protection of sensitive and minor users' information [6][7]. Personal Information Protection Officer - The personal information protection officer must be a member of the management team, possess relevant expertise, and report directly to the National Internet Information Office and relevant authorities in case of significant risks or violations [7][8]. Data Storage Requirements - Personal information collected within China must be stored domestically, with strict conditions for any data that needs to be transferred abroad, ensuring compliance with national security regulations [9][10]. Compliance and Auditing - Large platforms are encouraged to conduct regular compliance audits and risk assessments, potentially involving third-party organizations, especially in cases of significant data breaches affecting over 1 million individuals [15][17]. Rights of Individuals - Individuals must be provided with easy methods to access, correct, or delete their personal information, and platforms are required to respond to such requests within specified timeframes [10][11]. Reporting and Accountability - Platforms must report any changes in their personal information protection structures and cooperate with authorities during audits and investigations [10][12]. Encouragement of Innovation - The regulations encourage platforms to innovate in personal information protection technologies and participate in the development of international standards [18][19]. Confidentiality and Security - All involved parties must maintain confidentiality regarding personal information and comply with national security laws when handling sensitive data [13][14].