It is clear that network operators should establish and improve the user information protection system and standardize the content of network information security and personal information protection.

In order to ensure network security, safeguard cyberspace sovereignty, national security and social interests, protect the legitimate rights and interests of citizens, legal persons and other organizations, and promote the healthy development of economic and social informatization, the Cyber Security Law of the People's Republic of China is formulated. The NPC Standing Committee promulgated it on 20161.7, and it will take effect on June 2017/year.

Cyber security law is the first basic law in China to comprehensively regulate the management of cyberspace security, an important milestone in the construction of cyberspace rule of law in China, a legal weapon to govern the network according to law and resolve network risks, and an important guarantee for the healthy operation of the Internet on the track of rule of law. The Network Security Law institutionalizes some mature good practices in recent years, and provides principles for possible system innovation in the future, which provides practical legal protection for network security work.

Article 41 The collection and use of personal information by network operators shall be lawful, just and necessary.

The principle of open collection and use rules, express the purpose, way and scope of information collection and use, and by

The collector agreed. Network operators shall not collect personal information irrelevant to the services they provide, and shall not collect and use personal information in violation of the provisions of laws and administrative regulations and the agreement between the two parties, and shall handle the personal information they save in accordance with the provisions of laws and administrative regulations and the agreement with users.

Forty-second network operators shall not disclose, tamper with or destroy the personal information they collect; Personal information shall not be provided to others without the consent of the person being collected. However, unless the specific individual cannot be identified after processing and cannot be recovered.

Article 46 Any individual or organization shall be responsible for its use of the Internet, and shall not set up websites or distribution groups that commit illegal and criminal activities such as fraud, teaching criminal methods, making or selling prohibited items and controlled items, or use the Internet to publish information related to illegal and criminal activities such as fraud, making or selling prohibited items and controlled items.

Forty-seventh network operators should strengthen the management of information released by users. When discovering information that is prohibited by laws and administrative regulations from being published and disseminated, it shall immediately stop the dissemination, take measures such as elimination, prevent the dissemination of information, keep relevant records, and report to the relevant competent departments.

Forty-ninth network operators should establish a network information security complaint reporting system, publish information such as complaint reporting methods, and promptly accept and handle complaints and reports related to network information security. Network operators shall cooperate with the supervision and inspection carried out by the network information department and relevant departments according to law.

Article 64 A network operator or network product service provider violates the provisions of Article 22 of this Law.

The third paragraph of Article 41 to Article 43 stipulates that anyone who infringes on the legally protected personal information right shall be ordered by the relevant competent department to make corrections, and may be given a single punishment or a warning, confiscation of illegal income and a fine ranging from one time to ten times of illegal income according to the circumstances. If there is no illegal income, a fine of not more than 1 million yuan shall be imposed, and a fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed on the directly responsible person in charge and other directly responsible personnel; If the circumstances are serious, it may be ordered to suspend the relevant business, suspend business for rectification, close the website, revoke the relevant business license or revoke the business license.

Whoever, in violation of the provisions of Article 44 of this Law, steals or obtains, illegally sells or illegally provides other people's personal information by other illegal means, which does not constitute a crime, shall be confiscated by the public security organ and fined between one and ten times the illegal income. If there is no illegal income, a fine of less than one million yuan shall be imposed.

reference data

Law library. Law Library [citation time: 20 17- 12-29]