Cybersecurity and Data Compliance - Legal Updates and Information Highlights (March 2021)

Author: 国瓴律师
Published on: 2021-04-07 00:00

Legislative dynamics

1. Four departments including the CAC, "Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications"

On March 12, 2021, the CAC, the General Administration of Market Regulation, the Ministry of Public Security, and the Ministry of Industry and Information Technology jointly issued the Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications. The Provisions make clear that mobile Internet application (App) operators shall not refuse to let users use the basic functions of App services because users do not agree to the collection of non-essential personal information.

The seven-article Provisions list in detail the basic functions and necessary personal information of 39 types of mobile applications, including online games, email and cloud drives, and online shopping.

The Provisions bring mini programs, a new form of application, under supervision, and further clarify that "necessary personal information" refers to the personal information necessary for basic service functions.

2. Shenzhen, "Shenzhen Special Economic Zone Public Security Video Image Information System Management Regulations (Draft)"

On March 12, 2021, Shenzhen organized the drafting of the Regulations on the Administration of Public Security Video Image Information System of Shenzhen Special Economic Zone (Draft) (hereinafter referred to as the "Regulations") and extensively solicited opinions and suggestions from all sectors of society. The draft is intended to regulate the planning, construction, application and management of the public security video and image information system in the Shenzhen Special Economic Zone; maintain national security, public safety and social order; prevent, detect and crack down on illegal and criminal acts; and protect the legitimate rights and interests of natural persons, legal persons and unincorporated organizations.

The Regulations explicitly prohibit the installation of such systems in hotel rooms, hospital wards, collective dormitories, public bathrooms, toilets, changing rooms, nursing rooms and other places and areas involving citizens' privacy. Video image information systems that collect sensitive information such as portraits and license plates for public security purposes should be uniformly planned by the public security organs. No unit or individual may use the collected information to illegally identify individuals on the basis of sensitive information such as portraits, human bodies and license plates. When sensitive video image information such as portraits, human bodies and license plates is disseminated publicly, protective measures shall be taken for private information such as the individual characteristics of the parties involved and motor vehicle license plates, so that specific individuals cannot be identified and the information cannot be restored.

3. Science and Technology Law Society, Guidelines for the Assessment of Legal Compliance of Personal Information Processing

On March 11, 2021, the China Society of Science and Technology Law issued the group standard "Guidelines for the Assessment of Legal Compliance of Personal Information Processing" (draft for comment).

The Guidelines state that their purpose is to help organizations prove and declare the compliance status and compliance capability of their personal information processing, and to help customers and regulators check and supervise the compliance of that processing, so as to build understanding and trust among the parties involved in personal information processing. They also support independent assessment agencies in providing legal compliance assessment, consulting and certification services to parties with these needs. The Guidelines consist of three parts: overview and terminology, compliance framework, and implementation guidelines, and provide more detailed guidance for market players carrying out such assessments.

4. General Administration of Market Regulation, Measures for the Supervision and Administration of Online Transactions

On March 15, 2021, the State Administration of Market Regulation issued the Measures for the Supervision and Administration of Online Transactions, which will be implemented on May 1.

The Measures set out special provisions for the protection of personal information. They stipulate that online trading operators collecting and using consumers' personal information shall follow the principles of legality, legitimacy and necessity, expressly state the purpose, method and scope of the collection and use, and obtain the consent of consumers. Operators shall not force consumers, openly or in disguised form, to agree to the collection and use of information that is not directly related to business activities.

At the same time, the Measures require operators to obtain consumers' consent on a case-by-case basis when collecting or using sensitive information such as personal biometrics, medical and health care, financial accounts, and personal whereabouts. In response to the sharing of personal information between operators, especially large platform enterprises, and their own affiliated entities, the Measures clearly stipulate that operators shall not provide the information to any third party, including affiliated parties, without the authorization and consent of the person from whom it was collected.

5. People's Bank of China Guidelines on Data Capacity Building in the Financial Industry

On March 10, 2021, the People's Bank of China issued the Guidance on Financial Data Capacity Building.

The Guidelines clearly define the basic principles of data work in the financial industry. They set out the construction goals and approaches for 8 capability domains and 29 corresponding capability items, covering data strategy, data governance, data architecture, data specification, data protection, data quality, data application, and data life cycle management, and provide comprehensive guidance for financial institutions carrying out financial data work.

Industry dynamics

1. The Ministry of Industry and Information Technology issued a notice on 136 apps that infringe users' rights and interests

It is reported that the Ministry of Industry and Information Technology recently organized third-party testing agencies to inspect mobile apps and urged companies with problems to make corrections. The inspection was carried out under the "Network Security Law", the "Telecommunications Regulations", the "Telecommunications and Internet User Personal Information Protection Regulations" and other laws and regulations, and in accordance with the work deployment of the "Notice on the In-depth Promotion of the Special Rectification Action on APP Infringement of User Rights and Interests" (Ministry of Industry and Information Technology Letter (2020) 164). Up to now, 136 apps have not completed rectification, and these apps should complete the rectification and implementation work before March 17. If no rectification is made within the time limit, relevant disposal work will be organized according to laws and regulations.

2. China Consumers Association releases "Ten Typical Cases of Consumer Rights Protection in China"

According to the official website of the China Consumers Association, the "Top Ten Typical Judicial Cases of National Consumer Rights Protection" and the "Nominations for the Top Ten Typical Judicial Cases of National Consumer Rights Protection" were released on March 29, 2021. The release is intended to give full play to the demonstration and leading role of judicial cases in protecting consumer rights and interests, promote socialist core values, safeguard fairness and justice, protect the legitimate rights and interests of consumers, promote market integrity, and deter illegal operators.

The "Top Ten Typical Judicial Cases of National Consumer Rights Protection" cover current hot issues in consumer rights protection, such as the protection of the personal information of mobile APP users, the "bundled installation" of Internet terminal software, and automobile consumer fraud.

3. The Third Research Institute of the Ministry of Public Security released the 2020 report on Global Cybersecurity Policy and Law Dynamics and Research and Judgment

On March 10, 2020, the Third Research Institute of the Ministry of Public Security issued the 2020 annual "Global Cybersecurity Policy and Law Dynamics and Research Judgment".

The report takes key global strategies, policies, laws and standards in 2020 as research samples. It presents the global network security policy and legal landscape from ten dimensions, including top-level strategic policy design, trade competition rules, data security and development, personal information protection and supervision, network content governance, critical information infrastructure protection, cybercrime suppression and prevention, cybersecurity vulnerabilities, password security, and new technology security and development, and analyzes in depth their development characteristics, key points and trends.

4. The National Development and Reform Commission and 13 departments of the State Council jointly issued the Opinions on Accelerating the High-quality Development of Manufacturing Service Industries

On March 23, 2021, the National Development and Reform Commission and 13 other departments jointly issued the "Opinions on Accelerating the High-quality Development of Manufacturing Service Industry", which clearly supports qualified manufacturing service enterprises in listing and raising financing on the main board, the GEM and overseas capital markets.

In terms of the digital transformation of the manufacturing industry, the Opinions require the development of digital transformation roadmaps for key industry areas. They call for the following:

- Accelerate the development of urgently needed standards, such as those on the maturity of the integration of the two processes and the digitalization of supply chains, and accelerate cloud adoption for industrial equipment and enterprises.
- Implement a special action on digital empowerment of small and medium-sized enterprises, and gather a number of digital service providers for small and medium-sized manufacturing enterprises.
- Promote the "5G+ Industrial Internet" 512 project: build 5 public service platforms for the construction and transformation of internal networks, select 10 key industries, and tap 20 typical application scenarios.
- Select a group of smart manufacturing benchmark factories with outstanding implementation results and great replication and promotion value in key areas such as metallurgy, petrochemical, automotive, and home appliances, accelerate the development of industry smart manufacturing implementation roadmaps, and revise and improve the national smart manufacturing standard system.
- Carry out actions to implement network security capabilities at networked manufacturing enterprises, and select a group of demonstration enterprises.

5. The Washington Congress passed the Washington Privacy Act (SB5062)

The bill would apply to companies that process the data of more than 100,000 Washington residents or process/control the personal data of 25,000 consumers, or that derive more than 25 percent of their revenue from the sale of personal information.

The bill will establish four key rights for consumers, namely the right to access personal data, the right to update and correct personal data, the right to data portability, and the right to object to the use of data. In addition, a company will be required to conduct a data protection assessment when it accesses consumers' personal data for the purpose of targeted advertising or for the purpose of selling personal data, or when it accesses sensitive personal data. The bill also stipulates that the Attorney General will be responsible for enforcing the bill and will have the power to impose fines and investigate violations. If the bill is finally passed, it will take effect on July 31, 2022.

6. The State of Virginia passed the Virginia Consumer Data Protection Act

This month, the governor of Virginia signed the Consumer Data Protection Act, making Virginia the second state in the nation, after California, to enact comprehensive privacy legislation.

The Virginia Consumer Data Protection Act (CDPA) requires people doing business in the Commonwealth of Virginia to comply with a new set of data security and privacy requirements. The CDPA, which reflects some of the provisions in the European Union's General Data Protection Regulation (GDPR), will come into force on January 1, 2023. Businesses found to be in violation of the CDPA will be given 30 days to remedy the violation, and the Virginia Attorney General will impose a fine of up to 7,500 per violation.

The bill will go to a committee to assess how it should be implemented, with its findings due in November.
