How to implement data security? Experts explain the data security law

How to implement data security

——Experts explain the data security law in detail

　　Our reporter She Ying

　　The 29th meeting of the Standing Committee of the 13th National People’s Congress held recently passed the "Data Security Law of the People’s Republic of China", which is my country’s first special law on data security and an important law in the field of national security. It will be implemented on September 1, 2021.

　　Why is there a data security law?

What are the current difficulties and pain points facing my country's data security?

How can the data security law effectively protect the security of consumers' personal information?

At the first Data Rule of Law Summit Forum held a few days ago, industry insiders and experts put forward their opinions and suggestions on this.

　　"Data security first relates to national security." Chen Zhimin, former deputy minister of the Ministry of Public Security and former deputy director of the State Cyberspace Administration of China, believes that data is the core carrier and key content of network operations.

Once sensitive data involving politics, economy, diplomacy, military, science and technology, biology, etc. is leaked, it is easy to be used maliciously and cause major harm to national security; if data monopoly and hegemony form, a series of political and economic problems will arise.

　　Secondly, it is related to economic security.

At present, telecommunications network fraud has become a prominent problem affecting social security. In some provinces and cities, the number of fraud cases has accounted for half of the criminal cases. It is very difficult to solve the case, and it is difficult to recover the stolen money after the case is solved, causing huge losses to the people.

　　Again, it is about personal safety.

Once a large number of citizens' personal privacy such as personal identity, family, economic status, interests and hobbies are involved, and irreversible biometric information such as faces, fingerprints, and DNA are maliciously leaked, security risks should not be underestimated.

　　In addition, it is related to the health, safety and sustainable development of the digital economy.

Currently, the integration of the digital economy and the real economy is accelerating, and the issue of data ownership has become more prominent.

Only by clarifying the ownership of data can we further clarify the subject and boundary of the data; clarifying the value of rights such as the ownership of the data can we reasonably carry out equity allocation, market transactions, and income distribution.

　　Therefore, data security is already in a critical period where we must pay attention to it, and the promulgation of the data security law is the general trend.

　　In recent years, my country has enacted a cyber security law, an e-commerce law, and a civil code.

Together with the data security law, these laws constitute a legal system in the data field with Chinese characteristics.

The difficulties to be solved by the law are also the pain points that consumers, enterprises and society are concerned about.

　　According to He Xiaorong, Vice President of the Supreme People's Court, judging from current judicial practice, the legal problems of data are concentrated in four aspects: First, the ownership of data property rights is unclear.

Data has become a production factor alongside land, labor, capital, and technology, but issues such as the origin of data, the boundaries of the legitimate rights and interests of data collectors, and the unilateral right of deletion of data collectors have brought huge challenges to judicial practice.

The second is that the data processor infringes on personal privacy.

The Civil Code stipulates that data processors shall not use the privacy of natural persons unless expressly consented by the right holders. my country is currently formulating relevant judicial interpretations on face recognition.

The third is that the concentration of big data leads to "killing familiarity."

The phenomenon of "killing familiarity" by online platform merchants seriously infringes on the legitimate rights and interests of consumers. The underlying reason for this phenomenon lies in the improper use of the platform merchants' long-term collection of consumer transaction data.

The fourth is the lack of discretionary standards for the rationality of data algorithms.

Once problems are encountered, it is difficult to provide a basis for finding out the basic facts of the case.

　　"The average annual compound growth rate of my country's big data industry during the 13th Five-Year Plan period exceeded 30%, and the overall scale of the industry in 2020 will exceed 1 trillion yuan." Wang Jiangping, deputy minister of the Ministry of Industry and Information Technology, believes that we must look at it from a development perspective. In the new field of data governance, some problems are minor problems now and may become major problems in the future.

　　The data security law provides some important compliances for solving data security and ownership issues.

However, there are still some specific issues that need further confirmation during the implementation process.

　　"In the prevention and control of the new crown pneumonia epidemic, big data has played an important role." According to Chen Zhimin, the national health code has been used more than 60 billion times in 2020, helping the country's economic and social order to restore steadily.

However, the collection and use of personal data on such a large scale leaves a large amount of personal data in the hands of communities, properties, and enterprises, and there are also major security risks.

"How to protect the legitimate rights and interests of citizens, especially to ensure that irreversible biometric information such as fingerprints and faces of citizens is free of risks, needs to be resolved by laws and regulations." He said.

　　How should precious and sensitive data be used?

Chen Zhimin made several suggestions for implementing the data security law:

　　One is that the main body is the people.

In the era of big data, personal data rights of citizens are as important as personality rights and property rights, and together they constitute the basic rights of citizens.

The right to data includes the right to informed consent, the right to modify, and the right to property, especially the right to distribute income from the data.

　　The second is that sovereignty rests in the country.

The state shall enjoy the rights to generate, disseminate, manage, use, regulate, supervise, protect, evaluate, and review data within the scope of regime management.

　　The third is enterprise development.

Data is originally scattered, isolated, and disconnected, but through the collection, sorting, and clarity of the enterprise, it becomes an organic chain and a commodity with use value.

It is necessary to clarify the legitimate rights and interests of enterprises in data development, ensure the fairness and reasonableness of data transactions, oppose unfair competition, and oppose data monopoly.

　　The fourth is sharing.

On the basis of clarifying the status and rights of data citizens, national sovereignty and rights, promote data sharing and sharing in accordance with the laws of the socialist market economy.