NPC push for data privacy protection of employees

0
1509
LinkedIn
Facebook
Twitter
Whatsapp
Telegram
Copy link

On 28 December 2012, the Standing Committee of the National People’s Congress promulgated the Decision on Enhancing Protection of Network Information, effective from the same date. This decision applies primarily to network service providers, but also to other enterprises and institutions in general, and so most probably applies to all employers in China.

The decision provides relatively detailed requirements on personal data collection, use and protection. Specifically, when collecting and using employees’ electronic personal information, employers are now required to specify and inform the data subject (including employees) of the purposes, methods and usage of such data collection, and obtain the employees’ consent. Current regulations only vaguely require employers to obtain employee consent prior to any “publicising” of personal information, but the decision now requires consent even for the collection of personal information. The requirement to inform data subjects, including employees, of the purpose and use of data collection is also new.

Potential penalties under this decision include warnings, fines and disgorgement of illegal gains, although they seem mostly directed at network service providers and no specific penalty amounts are stipulated in the decision itself. Although the decision is technically not considered a law, companies should still make best efforts to comply with its requirements as the courts may refer to it when deciding on data privacy claims.

You must be a subscribersubscribersubscribersubscriber to read this content, please subscribesubscribesubscribesubscribe today.

For group subscribers, please click here to access.
Interested in group subscription? Please contact us.

你需要登录去解锁本文内容。欢迎注册账号。如果想阅读月刊所有文章,欢迎成为我们的订阅会员成为我们的订阅会员

已有集团订阅,可点击此处继续浏览。
如对集团订阅感兴趣,请联络我们

LinkedIn
Facebook
Twitter
Whatsapp
Telegram
Copy link