Cybersecurity and Data Compliance - Legal Updates and Information Highlights (February 2021)

Author: 国瓴律师
Published on: 2021-03-01 00:00

Legislative dynamics

 

1. Interim Provisions on the Protection and Management of Personal Information of Mobile Internet Applications by the Ministry of Industry and Information Technology

According to a February 6 report from Central Radio Network, the Interim Provisions on the Protection and Management of Personal Information of Mobile Internet Applications drafted by the Ministry of Industry and Information Technology (hereinafter referred to as the "Interim Provisions") will be introduced soon.

The Interim Provisions consist of 22 articles and rest on two basic principles of personal information protection: informed consent and minimum necessity. Users shall be informed of the rules of personal information processing in clear and understandable language, and shall give a voluntary and clear expression of intention on the premise of being fully informed. Those engaged in APP personal information processing activities shall have clear and reasonable control, shall follow the principle of minimum necessity, and shall not engage in personal information processing activities that exceed the scope of user consent or have nothing to do with the service scenario.

 


The "Interim Provisions" treat APP developers and operators, APP distribution platforms, APP third-party service providers, mobile terminal telecom equipment producers and network technology service providers as the key regulated entities. Entities that violate the provisions will be dealt with through a process of notification and rectification, public notification, removal, and disconnection. Where rectification is not completed as required or problems occur repeatedly, and where violations such as technical confrontation are serious, then in addition to direct removal and disconnection of access, APP distribution platforms and terminal telecom equipment producers will be advised to issue risk warnings during integration, distribution, presetting and installation.

 


2. State Administration for Market Regulation, "Implementation Opinions of the State Administration for Market Regulation on Improving the Credit Repair Mechanism"

On February 18, 2021, in order to further deepen the construction of the credit system for market entities, the State Administration for Market Regulation issued the "Implementation Opinions of the State Administration for Market Regulation on Improving the Credit Repair Mechanism (Draft for Comments)" (the "Implementation Opinions"). Improving the credit repair mechanism is an inevitable requirement of the Party Central Committee and the State Council for deepening the "decentralization service" reform, an important measure to optimize the business environment, and an important part of building the credit system for market entities. The "Implementation Opinions" point out that, according to the characteristics of different industries, the nature, circumstances and degree of social harm of illegal and dishonest behavior should be considered comprehensively, together with the parties' efforts to correct illegal and dishonest behavior, eliminate adverse effects, and establish and improve internal management systems. Repair conditions, procedures and methods corresponding to the degree of illegality and dishonesty should be established, and accurate repair implemented.

At the same time, the "Implementation Opinions" set clear requirements for "data processing" in the repair process: within 3 working days from the date of making the credit repair decision, or of receiving a credit repair decision approved by another market supervision and management department with jurisdiction, the market supervision and management department shall stop the publicity of the relevant information through the publicity system, or correct the relevant information, or stop the publicity of its inclusion in the removal record. The relevant data should remain in the data center.

 

3. State Administration for Market Regulation, "General Requirements for the Security of Network Critical Equipment"

On February 22, 2021, the State Administration for Market Regulation (International Standardization Management Committee) issued Announcement No. 1 of 2021, approving 7 mandatory national standards and 1 mandatory national standard amendment list. One of the mandatory national standards is GB40050-2021, "General Requirements for the Security of Network Critical Equipment", which will be officially implemented from August 1, 2021.


The standard specifies the security function requirements and security assurance requirements that network critical equipment should meet. On the one hand, the standard provides a reference and basis for network operators purchasing network critical equipment; on the other hand, it can be used to guide the research and development, testing and other work on network critical equipment. Specifically, the standard mainly includes the following:

Security function requirements mainly include: device identification security; redundancy, backup recovery and exception detection; vulnerability and malicious program prevention; pre-installed software startup and update security; user identification and authentication; access control security; log audit security; communication security; data security; password requirements.

Security assurance requirements mainly include: design and development; production and delivery; operation and maintenance.

 

4. Information Security Standards Commission, "Online Payment Service Data Security Guidelines (Draft for Comment)", etc.

According to news posted in February on the official website of the National Information Security Standardization Technical Committee, the following drafts prepared by the committee's secretariat were officially released: the Information Security Technology Online Payment Service Data Security Guide, the Information Security Technology Network Audio and Video Service Data Security Guide, the Information Security Technology Express Logistics Service Data Security Guide, the Information Security Technology Instant Messaging Service Data Security Guide, and the Information Security Technology Online Shopping Service Data Security draft. Public comments are now being sought.


5. Information Security Standards Commission, "Information Security Incident Classification and Classification Guidelines"

According to news posted on January 22 on the official website of the National Information Security Standardization Technical Committee, the Information Security Technology Information Security Event Classification and Classification Guidelines (hereinafter referred to as the "Classification Guidelines"), prepared by the committee's secretariat, were officially released and are now open for public comment.


6. Beijing Municipal Commission of Transport, "Internet Rental Bicycle System Technology and Service Specifications"

In order to promote the healthy and orderly development of the Internet rental bicycle industry in Beijing and advocate green travel, on February 7, 2021, the Beijing Municipal Commission of Transport drafted the Beijing local standard "Internet Rental Bicycle System Technology and Service Specifications" (draft for comments) (hereinafter referred to as the "Draft for Comments") in accordance with the Regulations on the Administration of Non-motor vehicles in Beijing.

The Draft for Comments emphasizes the security management of data. The enterprise platform's collection of lessee information shall not exceed the scope necessary for providing the service, and the enterprise shall take technical and other necessary measures to ensure the security of business data and prevent data leakage and loss.
