SESEC Roundtable on Personal Information Protection

30/10/2020

On 16 October 2020, the Roundtable on Laws, Regulations and Standards on Personal Information Protection in China was successfully held by SESEC. Mr. HE Yanzhe, Director of the Cybersecurity Evaluation Center of the China Electronic Standardization Institute (CESI), was invited to introduce and interpret the latest developments in China’s personal information protection laws and regulations.

As one of the developers of the standards on personal information protection, Mr. HE particularly focused on the interpretation of the standard GB/T 35273-2020 Information Security Technology—Personal Information Security Specification. According to Mr. HE, the standards system of personal information protection in China is clearer than that of cybersecurity and data security: it is led by GB/T 35273 (first released in 2017, then amended in 2020), and complemented by other standards on various specific aspects, such as GB/T 37964-2019 Information Security Technology—Guide for De-identifying Personal Information, and 20194267-T-469 Information Security Technology—Basic Specification for Collecting Personal Information in Mobile Internet Applications.

In addition, Mr. HE explained the details of the amendment of GB/T 35273. The most important point is that end users can now freely choose several services and functions based on their own will. For instance, the new requirements for personal information controllers include:

  • The way or manner by which services and functions are closed or withdrawn shall be as convenient as the way or manner by which personal information subjects choose to use services and functions;
  • The personal information controller should not seek too frequently the consent of the subjects of personal information to use, close or withdraw from specific services and functions; in addition, the personal information controller shall neither suspend nor reduce the quality of other business functions that the subject of personal information chooses to use independently.

The amendment of GB/T 35273 also introduced requirements for the use of personal biometric information and user portrait.

Because of limited office space, SESEC only invited Mr. HE and a small number of stakeholders to the SESEC office, while the wider stakeholder audience was connected via online tools. Nonetheless, opportunities were provided to all online and offline participants to share key issues in different industries, e.g. China Standard 2035, CCC, and global cooperation in ICT. In the future, SESEC will continue to hold roundtables and online events to facilitate exchange and sharing among all relevant stakeholders.

SESEC is looking forward to your participation!

By Haley WU on 30 October