China: 金融科技规定研究系列:有关网络安全、大数据、个人信息保护的小结

Last Updated: 2 August 2019
Article by Bi Xiuli and He Wang
Most Read Contributor in China, August 2019

金融科技英译为Fintech,是Financial Technology的缩写,可以简单理解成为Finance(金融)+Technology(科技),金融科技主要是指由大数据、区块链、云计算、人工智能等新兴前沿技术带动,对金融市场以及金融服务业务供给产生重大影响的新兴业务模式、新技术应用、新产品服务等。大数据与金融科技相结合,有助于金融企业不断提升效率和服务能力。大数据的发展促进了数据本身价值的提升,所面临的网络空间安全问题也日益剧增。个人信息作为一种大数据,直接涉及到个人的权利及安全,对相关数据的保护提出了更高的要求。网络安全、大数据、个人信息保护三者不可分割,相互交织,紧密相连。

目前,我国在网络安全、大数据、个人信息保护三个领域的法律法规均不完善,在实践中出现了一些新问题、新现象,立法缺失的弊端日益突显。为及时解决相关问题,明确方向,促进金融科技与保护个人权利同步发展,我国相关主管部门于近期先后出台了一系列与之相关的法规规定的征求意见稿,正逐步完善相关立法。为从整体上把握网络安全、大数据、个人信息保护的立法趋势,更好的服务客户,笔者将目前的法律法规(包括处于草案及征求意见稿阶段的法律法规)予以小结,以期抛砖引玉。本文共分为四个部分,分别为:与网络安全、数据安全、个人信息保护相关的法律法规、网络安全部分、数据安全部分及个人信息保护部分。

一、与网络安全、数据安全、个人信息保护相关的法律法规

二、网络安全部分

据资料显示,网络安全是指网络系统的硬件、软件及其系统中的数据受到保护,不因偶然的或者恶意的原因而遭受到破坏、更改、泄露,系统连续可靠正常地运行,网络服务不中断。网络安全的主要特征体现为:保密性、完整性、可用性、可控性和可审查性。

现阶段我国有关网络安全的立法并不完善。目前我国确定的已经生效的或列入立法日程的有关网络安全的法律或法规主要包括:《中华人民共和国网络安全法》、《网络安全审查办法》、《网络安全漏洞管理规定》、《网络关键设备安全检测实施办法》。其中,已经颁布实施的只有《中华人民共和国网络安全法》,其他法规尚处于公开征求意见阶段。

(一)《中华人民共和国网络安全法》

简析

《中华人民共和国网络安全法》从网络安全支持与促进、网络运行安全、网络信息安全、监测预警与应急处置、法律责任等几方面对网络安全问题予以了规范,其中,在实务中遇到较多的情况包括:(1)网络运营者在处理个人数据信息时如果把握尺寸的问题。上表格中4.3明确了具体的判断原则,"网络运营者不得泄露、篡改、毁损其收集的个人信息;未经被收集者同意,不得向他人提供个人信息。但是,经过处理无法识别特定个人且不能复原的除外。"也可以理解为,原则上未经个人同意,网络运营者不得直接提供个人信息,但如将个人信息予以处理变成"产品",以至于无法识别特定个人信息且不能复原的情形除外。如直接出售或使用个人的私人信息(手机号、身份证信息),是违法的,但如将该等信息制作为"产品",如通过收集信息的处理,判断某个地区某类产品畅销、消费群体等信息,不再直接体现为私人信息,则是允许的。

(二)《网络安全审查办法(征求意见稿)》

为提高关键信息基础设施安全可控水平,维护国家安全,国家互联网信息办公室于2019年5月21日发布了《网络安全审查办法(征求意见稿)》,向社会公开征求意见。该办法主要规范的是关键信息基础设施运营者(以下简称运营者)采购可能影响或可能影响国家安全的网络产品和服务的行为。运营者采购网络产品和服务时,应预判产品和服务上线运行后带来的潜在安全风险,形成安全风险报告。对于包括可能导致关键信息基础设施整体停止运转或主要功能不能正常运行及大量个人信息和重要数据泄露、丢失、毁损或出境等行为的,需网络安全审查办公室申报网络安全审查。

三、数据安全部分

据资料显示,大数据(bigdata)指无法在一定时间范围内用常规软件工具进行捕捉、管理和处理的数据集合,是需要新处理模式才能具有更强的决策力、洞察发现力和流程优化能力的海量、高增长率和多样化的信息资产。大数据技术的战略意义不在于掌握庞大的数据信息,而在于对这些含有意义的数据进行专业化处理。换而言之,如果把大数据比作一种产业,那么这种产业实现盈利的关键,在于提高对数据的"加工能力",通过"加工"实现数据的"增值"。随着云时代的来临,大数据也吸引了越来越多的关注。

大数据的应用离不开相关数据安全的保护,但目前我国有关数据安全的立法并不完善,更谈不上相关法律法规的执行。当前我国确定的列入立法日程的有关大数据保护的法律或法规主要包括:《数据安全法》及《数据安全管理办法》,前者已被列入"条件比较成熟、拟提请审议"草案阶段,后者目前正在征求意见阶段。

(一)《数据安全管理办法》(征求意见稿)

为了维护国家安全、社会公共利益,保护公民、法人和其他组织在网络空间的合法权益,保障个人信息和重要数据安全,国家互联网信息办公室于2019年5月28日发布了《数据安全管理办法(征求意见稿)》。

简析

通过整理《数据安全管理办法》(征求意见稿),我们发现,该规定与我们日常生活息息相关,如我们日常使用APP经常遇到的"定向推送"广告,强制"一揽子授权"等现象,在该办法中均有相应的规范。当该办法生效后,前述现象将受到规范与约束。

四、个人信息保护部分

隐私权为个人民事权利中的人身权利的一种,依法受法律保护。个人信息受法律保护,任何组织和个人不得非法收集、使用、加工、传输、非法买卖、提供或者公开他人个人信息。同时,隐私权列为民事权益的一种,侵害民事权益,应当依法承担侵权责任;被侵权人有权请求侵权人承担侵权责任。隐私权及个人信息的保护主要体现在《民法总则》及《侵权责任法》中。

附:相关条款

《侵权责任法》第二条 侵害民事权益,应当依照本法承担侵权责任。

本法所称民事权益,包括生命权、健康权、姓名权、名誉权、荣誉权、肖像权、隐私权、婚姻自主权、监护权、所有权、用益物权、担保物权、著作权、专利权、商标专用权、发现权、股权、继承权等人身、财产权益。

被侵权人有权请求侵权人承担侵权责任。

《民法总则》第一百零九条 自然人的人身自由、人格尊严受法律保护。

第一百一十条 自然人享有生命权、身体权、健康权、姓名权、肖像权、名誉权、荣誉权、隐私权、婚姻自主权等权利。

第一百一十一条 自然人的个人信息受法律保护。任何组织和个人需要获取他人个人信息的,应当依法取得并确保信息安全,不得非法收集、使用、加工、传输他人个人信息,不得非法买卖、提供或者公开他人个人信息。

而随着网络、大数据的发展,个人隐私、个人信息的保护受到了巨大的挑战。目前我国有关个人信息保护的法律法规并不完善,当前我国确定的列入立法日程的有关个人信息保护的法律或法规主要包括:《个人信息保护法》、《儿童个人信息网络保护规定》、《个人信息出境安全评估办法》。前者处于草案阶段;后两者处于公开征求意见阶段。

(一)《儿童个人信息网络保护规定》(征求意见稿)

为了保护儿童(此处指不满十四周岁的未成年人)个人信息安全,促进儿童健康成长,2019年5月,国家互联网信息办公室发布《儿童个人信息网络保护规定》征求意见稿。该意见稿共28条,规定更为严格,其中,特别规定:设立设立个人信息保护专员、征得儿童监护人的明示同意、最小授权等方面。具体体现为:

(二)《个人信息出境安全评估办法》(征求意见稿)

为保障数据跨境流动中的个人信息安全,国家互联网信息办公室于2019年6月13日发布了《关于<&#20010;人信息出境安全评估办法(征求意见稿)>公开征求意见的通知》,对《个人信息出境安全评估办法(征求意见稿)》公开征求意见。该征求意见稿全文共22条,重点强调了个人信息出境申报评估、申报材料、个人信息出境记录、出境合同内容及权利义务要求、分析报告内容要求等内容:

(三)《App违法违规收集使用个人信息行为认定方法》(征求意见稿)

App专项治理工作组于2019年5月5日发布了《App违法违规收集使用个人信息行为认定方法(征求意见稿)》,向社会公开征求意见。该办法将违法违规收集使用个人信息行为分为七大类,在每一类里又具体列举了几类情形。这七类情形主要包括:(1)没有公开收集使用规则的情形;(2)没有明示收集使用个人信息的目的、方式和范围的情形;(3)未经同意收集使用个人信息的情形;(4)违反必要性原则,收集与其提供的服务无关的个人信息的情形;(5)未经同意向他人提供个人信息的情形;(6)未按法律规定提供删除或更正个人信息功能的情形;(7)侵犯未成年人在网络空间合法权益的情形。

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
 
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions