The Standing Committee of the National People's Congress deliberates the draft personal information protection law in groups

  Random and disorderly collection of personal information such as faces requires strict control

  Reading tips

  The collection of personal information is too "willful", the punishment of offenders is not strong enough, where is the personal information collected during the epidemic... On April 27, the 28th meeting of the 13th National People's Congress Standing Committee deliberated the draft of the personal information protection law 2 After reviewing the manuscript, members of the Standing Committee of the National People's Congress discussed issues of public concern.

  "We are like taking off our clothes in front of big data. No one has personal privacy at all."

  "It is very urgent to strengthen the protection of personal information. We must severely crack down on the theft and sale of personal information."

  "Face recognition is used in more and more places, which threatens the security of personal information to a certain extent."

  "As the epidemic gradually improves, the focus of personal information protection should shift from collection and use to storage and destruction."

  ...

  On April 27, the 28th meeting of the 13th National People’s Congress Standing Committee deliberated the second review of the draft personal information protection law. The members of the National People’s Congress Standing Committee discussed facial recognition, protection of personal information related to the epidemic, and infringements of public concern. Discuss the punishment of personal information violations and other issues.

  Concern 1 "Cake face" shouldn't be too "willful"

  In daily life, the abuse of face recognition technology is more common-in some places, owners have to brush their faces when entering the community or when entering the elevator; in addition to the visible "face-seeking" behavior, according to media reports, there are some There are businesses that install cameras with facial recognition capabilities, secretly capture facial data, and generate facial IDs.

  "At present, face recognition is used in more and more places, which threatens the security of personal information to a certain extent, and personal whereabouts information can be revealed." Member Yang Zhen suggested that a specialized agency should undertake the approval of facial recognition applications. And supervision functions, defining the responsibilities of equipment and data supervisors, etc.

  Tan Huizhu, deputy director of the Hong Kong Basic Law Committee of the Standing Committee of the National People’s Congress, proposed that Article 27 of the draft stipulates that “the installation of image capture and personal identification equipment in public places shall be necessary to maintain public safety, comply with relevant national regulations, and set up prominent reminders” There is no definition of "public place" in this article.

It is recommended to add a paragraph to this article as the second paragraph stipulates that "the public places in this article are areas open to unspecified public for their use".

  "I think this definition needs to be further clarified. Public places should refer to places for unspecified public use as a whole, such as libraries, museums, hospitals, shopping malls, public transportation facilities, etc., and should not include incidental areas of private places, such as The public areas of residential quarters." Tan Huizhu said, for example, residential quarters are essentially private places, and the use of personal identification equipment cannot be compulsorily used on the grounds of maintaining public safety.

  Vice Chairman Cao Jianming said: “Some localities, enterprises, and organizations abuse new technologies such as artificial intelligence, big data, especially facial recognition, and the problems of disorderly, arbitrary collection and use, and even the disclosure of sensitive personal information are becoming more and more serious. The source of the processing of sensitive personal information is to strengthen regulations and protections, and put forward more stringent requirements than the protection of personal information." To this end, he suggested that: "In addition to laws and administrative regulations and the maintenance of national security and public interest, sensitive personal information The collection and use of personal information should be reported to the department performing personal information protection duties for record review; the collection and use of extremely sensitive personal information should obtain relevant administrative licenses."

  Committee member Lv Wei believes that personal identification information can only be used for the purpose of maintaining public safety or fulfilling statutory obligations. Therefore, it is suggested that Article 27 of the draft should be amended as follows: The installation of image collection personal identification equipment in public places should be used to maintain public safety or perform Necessary for statutory obligations.

  Concern 2 "It is necessary to strengthen legal responsibility"

  In recent years, the protection of personal information in my country has continued to increase. However, in real life, there are still some companies, institutions and individuals who excessively collect, illegally obtain, illegally buy and sell personal information, and use illegally obtained personal information to infringe upon the legitimate rights and interests of the people. phenomenon.

  Member Li Xueyong said that from the current legal liability clauses of the draft, administrative protection accounts for the majority, but administrative penalties are not strong, and there is a relatively large room for penal discretion, which is not enough to form a due deterrent.

Article 1034 of the Civil Code clearly protects personal information as a civil interest.

While giving full play to the role of administrative protection, civil protection and criminal protection should be further strengthened.

  "Traditional damage compensation system has been difficult to effectively curb the infringement of personal information." Vice Chairman Cao Jianming pointed out that in judicial practice, the damage caused by infringement of personal information is generally difficult to quantify, and a single victim can prove it. The degree of damage suffered is often disproportionate to the benefits that the perpetrator may obtain as a result of the tort.

Therefore, it is recommended to add a punitive compensation system for serious infringement of personal information rights and interests in the draft, so as to increase the punishment for infringements of personal information rights and interests, and form a deterrent to the perpetrators who infringe personal information rights and interests.

  Member Zheng Gongcheng said that the public has paid a lot of attention to this law, but the legal liability regulations of this law lack specific targets, so it is necessary to strengthen legal liability.

He believes that the legal responsibilities should be set out in the legal responsibilities of cybersecurity and informatization companies that should violate the law, and how individuals should violate the law, so that it is more targeted and binding, and the law is easy to implement.

In addition, penalties should be increased.

"Currently, the penalties for illegal acts in the law are still relatively serious, and they are only less than 5,000 yuan. Such penalties are too small and have no meaning in essence. The penalties should be greatly increased."

  Concern 3 How to protect the information collected during the epidemic period

  Article 4, paragraph 2, of the second review draft of the Personal Information Protection Law submitted to the Standing Committee of the National People's Congress for deliberation stipulates: The processing of personal information includes the collection, storage, use, processing, transmission, provision, and disclosure of personal information.

  Regarding this content, Wang Huizhong, a member of the Overseas Chinese Committee of the National People's Congress, suggested adding the word "destroy" after "open".

He said, “Currently, there are few documents that clearly state the data processing methods after the epidemic is over. As the epidemic gradually improves, the focus of personal information protection should also shift from collection and use to storage and destruction.”

  Member Li Wei also proposed that the destruction and deletion of personal information processing is an important part of the personal information protection system.

"For example, during this new crown pneumonia epidemic, whether face recognition or personal information, almost everyone has been collected and used, and they have their own feelings. How long is this information stored? When will it be destroyed? Explain. After the epidemic is eliminated, if you don't keep it properly, personal information will cause unsafe hidden dangers and risks."

  Member Li Feiyue stated that the protection of personal information has become one of the most direct and practical interests of the people, and it is necessary and urgent to formulate a personal information protection law.

On the one hand, my country has not systematically and comprehensively implemented specific legislation on personal information protection related issues.

On the basis of the current laws, formulating and promulgating special laws for the entire life cycle of personal information can provide stronger legal protection and maintain a good ecology of cyberspace.

On the other hand, through legislation, on the basis of protecting the rights and interests of personal information, it can promote the rational and effective use of information and data in accordance with the law, and promote the sustainable and healthy development of the digital economy.

  Zhang Weijie