On 1 February 2019 the National Information Security Standardisation Technical Committee published the draft Information Security Technology – Personal Information Security Specifications for public comment. The consultation period will run until 3 March 2019.

The key amendments to the original Personal Information Security Specifications (for approval) are as follows:

  • The specifications now include the following clause: "[a] personal information controller shall not force the personal information subject to accept the collection requirements."
  • The exceptions regarding authorisation and consent by personal information subjects have been revised.
  • A "personalized display and exit" mechanism has been added.
  • Rules concerning the merger of personal information have been introduced.
  • Management requirements concerning third-party access to platforms have been added.
  • The importance of data protection officers and departments has been promoted.
  • The requirements regarding the reporting of "personal information security events" have been refined.
  • Requirements regarding the recording of personal information processing activities have been added.
  • Detailed rules have been added regarding how a personal information subject's "right to choose to agree" can be safeguarded.

For further information on this topic please contact Samuel Yang or Yang Chen at AnJie Law Firm by telephone (+86 10 8567 5988) or email (yanghongquan@anjielaw.com or chenyang@anjielaw.com). The AnJie Law Firm website can be accessed at www.anjielaw.com.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide.