查看原文
其他

China’s Personal Information Protection Law (2)

陈立彤 合规 2022-03-20

按语:《个人信息保护法(草案)》于2020年10月13日经第十三届全国人大常委会第二十二次会议进行了初次审议。作为首部专门规定个人信息保护的法律,它的正式颁布实施无疑会对在中国从事经营活动的企业产生重大影响。草案颁布后出现了大量的中文解读,我们选择用英文文章帮助在中国企业的外国同事进一步了解相关问题。如有任何问题,请随时与我们联系。陈立彤律师的电子邮箱:henry.chen@dentons.cn。


China’s Personal Information Protection Law (2)

 

Henry Chen


Continued from China’s Personal Information Protection Law (1), hereinafter are some other salient features of the draft law:


Clear demarcation of processors’ responsibilities


The draft elected to categorize the way a processor handles personal information rendering the text more succinct and clearer than GDPR.


Where two or more processors are jointly to decide the processing purposes and methods, they should properly allocate their respective rights and obligations by an agreement.  Such agreement does not have any adverse effect on any individual data subject’s right to seek to redress wrongs done to him from either one of the processors.  In other words, the processors could be jointly and severally liable for infringing on individual data subjects’ rights (Article 21).


For the situation of processing personal information by delegation, for example, where Processor A delegates its processing responsibilities to Processor B, both parties (e.g., Party A and Party B) need to enter into an agreement in relation to the purposes of processing, methods of processing, types of personal information, protective measures and their respective rights and obligations.  Party A also needs to exercise oversight over Party B’s processing.  Party B shall not diverge from what is agreed in the agreement, and shall return or delete the processed personal information after the agreement is performed.  Party B shall not delegate the task of processing to any other third party without Party A’s prior consent (Article 22).


Notably informed and separate consent is required if a processor is to provide personal information to any third party.  The third party that received the personal information shall not act beyond the purpose why the information is transferred.  Especially, the receiving party shall not use any technology to re-identify the personal information that was already anonymized (Article 24). 


(Please enter the following QR code for the complete article)

<点击下列二维码阅读全文>或

<点击左下方“阅读原文”获取全文链接>



关注!|《个人信息保护法(草案)》全文公开征求意见

个人信息保护法草案出台,罚款看齐GDPR,最高可罚5000万或5%营业额

个人信息保护法初审在即!栗战书主持全国人大常委会委员长会议

率先完善数据产权制度 -- 中央支持深圳这样先行先试!内附文件全文

【直播回顾】监管律所支招,助力APP安心上架!

GDPR下的“consent” PK 中国法下的“同意”

开放银行与个人金融信息安全(一)「实务经验介绍暨往期沙龙回顾」

开放银行与个人金融信息安全(二)「实务经验暨往期沙龙」

开放银行与个人金融信息安全(三)「实务经验暨往期沙龙」

开放银行与个人金融信息安全(四)「实务经验暨往期沙龙」

开放银行与个人金融信息安全(五)「实务经验暨往期沙龙」

“人脸识别第一案”开庭,对强制刷脸能否说不?

网络爬虫与大数据安全「往期沙龙回顾」

侵害公民个人信息刑事风险的识别与控制「往期沙龙回顾」

我们刚做的这个等保2.0,得分接近90


您可能也对以下帖子感兴趣

文章有问题?点此查看未经处理的缓存