Shenzhen says "no" to data infringement and perfects its compliance risk control system

　　Shenzhen says "no" to data infringement and perfects its compliance risk control system

　　■ Editorial

　　Data security is not only related to everyone's information security, but also related to the business security of each market entity, and it is also related to national security. The law must be used to clarify the boundaries.

　　Recently, the "Shenzhen Special Economic Zone Data Regulations" (hereinafter referred to as the "Regulations") was officially announced.

This local legislation took the lead in proposing "data rights", focusing on strengthening the protection of personal information data, covering many areas of concern such as personal information data, public data, data markets, and data security. Industry chaos, such as “no use without full authorization,” big data, and mandatory personalized advertising recommendations, clearly say “no”.

　　This is the first basic and comprehensive legislation in the data field in China.

Judging from the public opinion feedback, many likes and many onlookers have expectations for the after-effects of this action in curbing data chaos.

　　For a long time, some applications have over-collected personal information, induced or compelled to ask for user authorization, which is abhorrent. The resulting data security risks and data abuse problems have plagued hundreds of millions of netizens.

For individuals, data is a privacy that does not want to be disclosed; for enterprises, data is a new factor of production; for countries, data is a basic strategic resource.

It can be said that data security is not only related to everyone's information security, but also related to the business security of each market entity, and is even more related to national security.

　　In recent years, with the help of hot topics such as big data "familiarity" and big data user "portraits", the social level has gathered more and more consensus on data security.

This is the general background of public opinion worrying about the risks of head application data, and it also proves that the promulgation of Shenzhen's "Regulations" is at the right time.

　　It is not surprising that Shenzhen issued this regulation.

As an important global electronic information and data industry base, Shenzhen has not only gathered more than 300 big data companies and formed a relatively complete big data industry chain, but also its data production volume in commerce, finance, logistics, and communications is also in the forefront of the country.

　　The "Regulations" puts respect for individuals as the first priority and data security as the key. It seems to be "hands and feet", but it actually adheres to the value orientation of protecting personal information and promoting the development of the digital economy.

For the new industries, new business formats and new models of the digital economy that are catalyzed by data to flourish, the legality of data collection and the orderly and safe flow of data must first be ensured.

While preventing data risks, regulating data collection, custody, and flow, the "Regulations" are also creating a more comprehensive, standardized, and deterministic compliance risk control system for data companies.

　　With the intensification of regional economic competition, many large and medium-sized cities are focusing on promoting the development of the data industry, and many of them have established the data industry as the leading industry.

The introduction of big data companies is certainly important for the competition for big data projects, but it is the key to the healthy cultivation and agglomeration of the data industry to create a standardized, orderly and safe element guarantee and a more deterministic industrial development direction for the data industry.

　　The "Regulations" issued by Shenzhen this time are widely acclaimed not only because of their "initiative" value, but also because the "Regulations" establish personal data processing rules based on "information-consent".

The premise is "inform-consent", that is, the processing of personal information should be fully informed in advance to obtain personal consent, the data processor should provide a way to withdraw consent, and must not impose unreasonable restrictions or impose unreasonable conditions on the withdrawal of consent.

The entry of this rule responds to the expectations of many netizens, and it should also become the "rule of kings" among data companies, service providers and consumers in the information society.

　　Although the "Regulations" is only a local legislation, its demonstration effect will extend to the whole country.

Although the "Regulations" are only applicable to Shenzhen, the higher-level laws on which this local legislation is based, such as the National Security Law and the Cyber ​​Security Law, are all national laws.

As far as the higher-level law is concerned, the "Regulations" have made its principled provisions more specific, and it is a manifestation of the spirit of the rule of law to fill in the blanks.

　　This also has exemplary significance for other regions.

Super-regional is a typical feature of the digital economy, as well as a typical feature of the data industry.

Every netizen is the subject of data, the producer of data, and the object of data security protection.

Looking at it from this point, Shenzhen's actions are obviously worth learning from all over the world.