China has formulated and promulgated more than 150 pieces of legislation in the Internet field, establishing a "four beams and eight pillars" for the rule of law in the Internet.

According to this site’s news on June 18, the State Council Information Office held a press conference today. The heads of relevant departments such as the Cyberspace Administration of China and the Supreme People’s Court introduced the rule of law to ensure high-quality development of the Internet. relevant circumstances.

According to official statements, China has formulated and promulgated more than 150 pieces of legislation in the network field, basically forming a system based on the Constitution, relying on laws, administrative regulations, departmental rules, local regulations, and local government regulations, and based on traditional legislation. , with specialized network legislative systems such as network content construction and management, network security and informatization, building the "four beams and eight pillars" of China's network rule of law, providing a solid legal guarantee for the construction of a network power.

Here is an example. On March 22 this year, the Cyberspace Administration of China announced the "Regulations on Promoting and Regulating Cross-Border Data Flows" (hereinafter referred to as the "Regulations"), which will come into effect on the date of publication.

The "Regulations" clarify the reporting standards for the export security assessment of important data, and propose that if the data has not been notified or publicly released as important data by the relevant departments or regions, the data processor does not need to declare the data export security assessment as important data.

The "Regulations" stipulate the conditions for data export activities that are exempt from reporting data export security assessment, entering into a standard contract for personal information export, and passing personal information protection certification: First, international trade, cross-border transportation, academic cooperation, transnational The data collected and generated in activities such as manufacturing and marketing are provided overseas and do not contain personal information or important data; second, the personal information collected and generated overseas is transferred to the country for processing and then provided overseas, and no introduction is made during the processing. Domestic personal information or important data; third, it is necessary to provide personal information overseas in order to conclude and perform a contract to which the individual is a party; fourth, implement cross-border human resources in accordance with labor regulations and collective contracts signed in accordance with the law. management, it is really necessary to provide employees’ personal information overseas; fifth, in order to protect the life, health and property safety of natural persons, it is really necessary to provide personal information overseas; sixth, data processors other than critical information infrastructure operators Since January 1 of that year, the personal information of less than 100,000 people (excluding sensitive personal information) has been provided overseas.

According to regulations, a negative list system for free trade pilot zones has been established. It is proposed that within the framework of the national data classification and hierarchical protection system, the free trade pilot zone can formulate a negative list within the zone on its own, and after approval by the provincial network security and information technology committee, report it to the national cybersecurity and informatization department and the national data management department for filing. Data processors in the free trade pilot zone who provide data outside the negative list overseas are exempted from declaring data export security assessments, entering into standard contracts for personal information exports, and passing personal information protection certification.

The "Regulations" clarify the conditions for two types of data export activities that should apply for data export security assessment. One is that critical information infrastructure operators provide personal information or important data overseas; the other is that critical information infrastructure operators provide personal information or important data overseas; Data processors outside the country have provided important data to overseas countries, or have provided personal information of more than 1 million people (excluding sensitive personal information) or sensitive personal information of more than 10,000 people to overseas countries since January 1 of that year. At the same time, it clarified the conditions for data export activities that should enter into a standard contract for personal information export or pass personal information protection certification, that is, data processors other than critical information infrastructure operators have provided more than 100,000 people overseas since January 1 of that year. , personal information of less than 1 million people (excluding sensitive personal information) or sensitive personal information of less than 10,000 people.

The "Regulations" also stipulate the validity period and extension application of data export security assessment, data security protection and supervision and management responsibility, and the connection and application with other regulations on data export security management.

The above is the detailed content of China has formulated and promulgated more than 150 pieces of legislation in the Internet field, establishing a "four beams and eight pillars" for the rule of law in the Internet.. For more information, please follow other related articles on the PHP Chinese website!