Page 1

Set as homepage

Saturday, June 5, 2021

Add to Favorites Mobile version
Traditional Chinese

Please enter search keywords

⾸⻚
⻚

The authority issued

Informatization
Network communication
International exchange
Local letter
office ⼯ Open networks
for security

Law enforcement
Policies
inspection
and regulations
Interactive Center
Education andIndustry
training NewsFor topic

Current position: ⾸⻚ >正
正⽂

Provisions on the Protection of Children’s Personal Information Network
August 23, 2019 16:30

Source: Chinese Letter

【print】
【Error correction】

Wechat QR code

Order of the National Internet Information Office

No. 4
Scan the code to enter the mobile version

The "Provisions on the Protection of Children's Personal Information Networks" have been reviewed and approved by the Office of the National Internet Information Office. They are hereby announced and will be implemented from October 1st, 2019.

Director Zhuang Rong

2019 8⽉22⽇
Provisions on the Protection of Children’s Personal Information Network

Article first frame to protect the reach of children to child Face of information security, the promotion of reach of children Tong Jiankang growth, according to "Face the People's Republic of China Open networks Safety Law," "Law on the Protection of minors Face Face the People's Republic of China" and other laws and regulations,
Formulate this regulation.
Article second shot The term of reach of children to children, refers to the dissatisfaction ⼗ four years of minor Face.
Article in the territory of the People's Republic of China Face a network are engaged in the collection, storage, use or transfer, disclosure of reach of children to child Face of information and other activities, is useful when this provision.

Article any organization and the Face shall not make, publish, transmit reach of children against child Face of information security information.

Article 5 Child guardians should correctly perform guardianship duties, educate and guide children to enhance their awareness and ability in personal information protection, and protect the safety of children's personal information.

Article 6: Encourage Internet business organizations to guide and promote network operators to formulate business norms and guidelines for the protection of children's personal information, strengthen business self-discipline, and perform social responsibilities.

Article 7: When network operators collect, store, use, transfer, and disclose personal information of children, they shall follow the principles of justification and necessity, informed consent, clarification of purpose, safety assurance, and use in accordance with the law.

Article 2 Network operators shall set up special rules and user agreements for the protection of children's personal information, and designate specialists to be responsible for the protection of children's personal information.

Article 9: Network operators who collect, use, transfer, and disclose personal information of children shall notify the child guardian in a conspicuous and clear manner, and shall obtain the consent of the child guardian.

Article 10 When the network operator obtains the consent, it shall provide the option of rejection at the same time, and clearly inform the following matters:

(1) The collection, storage, use, transfer, and disclosure of children's personal information, method and scope;
( ⼆ ) The location, time limit and processing method after expiration of the storage of the child’s personal information;
(3) Security measures for children's personal information;

(4) Consequences of rejection;

(5) Channels and methods for complaints and reports;

(6) Ways and methods for correcting and deleting children's personal information;

(7) Other matters that should be notified.

If there is a substantial change in the notification items specified in the preceding paragraph, the consent of the child guardian shall be obtained again.

Article 2 Network operators must not collect personal information of children who are not related to the services they provide, and must not violate laws, political regulations and bilateral agreements to collect personal information of children.

Article 2 The storage of personal information of children by network operators shall not exceed the period necessary to realize the purpose of collection and use.

Article 3 Network operators shall adopt measures such as encryption to store children's personal information to ensure information security.

Article Four. Network operators who use children's personal information must not violate the provisions of laws, political regulations, and the scope and scope of the bilateral agreement. Due to business needs, it is indeed necessary to exceed the agreed target and scope.
If it is used, the consent of the child guardian should be obtained again.

Article 5 Network operators shall follow the principle of the most authorized to their staff, strictly set information access permissions, and control the scope of children's personal information knowledge. Employee access to child’s personal information
If it is not, it shall be approved by the person in charge of personal information protection or its authorized management staff, record the access situation, and take technical measures to avoid illegal copying and downloading of personal information.

Article 6: Where a network operator entrusts a third party to process the personal information of a child, it shall conduct a security assessment of the entrusted method and the conduct of the entrustment, sign an entrustment agreement, and clarify the responsibilities, handling matters,
The processing period, processing nature and purpose, etc., shall not exceed the authorized scope.

The entrusted party specified in the preceding paragraph shall perform the following obligations:

(1) Handling children's personal information in accordance with the provisions of laws, administrative regulations and the requirements of network operators;

(⼆) Assist the network operator to respond to the application made by the child guardian;
(3) Taking measures to ensure information security, and timely feedback to network operators when a security incident of child personal information leakage occurs;

(4) Delete the child's personal information in time when the entrusted relationship is terminated;

(5) Not to delegate;

(6) Other obligations of protecting children's personal information that should be fulfilled in accordance with the law.

Article Seven: If a network operator transfers the personal information of a child to a third party, it shall conduct a security assessment by itself or entrust a third party to conduct a security assessment.

Article 10 Network operators shall not disclose the personal information of children, except as required by laws, political regulations, or according to the agreement with the guardian of children.

Article 9 If a child or his guardian finds that the child's personal information collected, stored, used, or disclosed by the network operator is wrong, he has the right to request the network operator to correct it. Network operators should
Take timely measures to make corrections.

Article 2 If a child or his guardian requires a network operator to delete the child’s personal information that it collects, stores, uses, and discloses, the network operator shall take timely measures to delete it, including but
Not limited to the following situations:

(1) Network operators collect, store, use, transfer, or disclose children's personal information in violation of laws, political regulations, or bilateral agreements;

(2) Collecting, storing, using, transferring, or disclosing the personal information of a child beyond the scope of the target or within the necessary period;

(3) The child guardian withdraws his consent;

(4) The child or his guardian terminates the use of the product or service by way of cancellation or other means.

Article 2 If a network operator discovers that a child’s personal information has been posted or may be leaked, damaged, or lost, it shall immediately activate an emergency plan and take remedial measures; causing or may cause severe
If the consequences are serious, they should report to the relevant competent authorities immediately, and inform the affected children and their guardians of the incident by email, letter, telephone, push notification, etc. It is difficult to inform them individually
In case of failure, the relevant warning information shall be issued in a reasonable and effective manner.

Article 2 Network operators shall cooperate with the supervision and inspection carried out by the correspondence department and other relevant departments in accordance with the law.

Article 2 Third, if a network operator ceases to operate products or services, it shall immediately stop the collection of children’s personal information, delete the children’s personal information held by them, and notify and stop the operation.
Inform the child guardian at the time.
⼗ four second shot of any organization and the Face found to have violated the provisions of ⾏ is to be reported to the relevant departments and other departments ⽹ letter.
When the information department and other relevant departments receive the relevant report, they shall deal with it in a timely manner in accordance with their duties.

Article 2 Five. If the network operator does not implement the responsibility of the child’s personal information security management, there is a major security risk or a security incident occurs, the communication department shall conduct an interview based on its responsibilities, and the network transportation
Campers should take timely measures to make rectifications and eliminate hidden dangers.
Second shot ⼗ six in violation of the provisions of the letter by the ⽹ departments and other relevant departments in accordance with duties, according to "Face the People's Republic of China Open networks Safety Law," "⽹ Internet Information Services" and other relevant laws
Regulations provide for handling; if a crime is constituted, criminal responsibility shall be investigated in accordance with the law.
Article second shot ⼗ seven provisions remember START letter Using the archives violation of the provisions be held liable, in accordance with relevant laws and administrative regulations ⾏, and be well displayed.
Article ⼗ be eight second shot by a computer information processing system automatically retained identification information and information ⽆ law retained reach of children belonging to child process personal information can, in accordance with other provisions Perform.
Article second shot ⼗ nine provisions shall Auto 2019 10 1 Month date ⾏ administered.

