Abstract: The Cyberspace Administration of China regulates online posts and comments; the Supreme Court of India ruled that the constitution guarantees citizens' right to privacy; the US expert committee raised an early warning on the security of critical infrastructure; the United Kingdom promotes the data exchange and sharing partnership with the EU after Brexit.
【Global Policy Trends】
India's Supreme Court ruled that the constitution guarantees citizens' right to privacy
Summary : A few days ago, the Supreme Court of India made a historic decision, announcing that the constitution will guarantee the privacy of Indian citizens. The decision could limit the government's rollout of the Aadhaar program , a biometric ID database . Critics say Aadhaar may violate citizens' privacy rights. Moreover, since India does not have a comprehensive privacy protection law, it is difficult for citizens to protect their rights in accordance with the law when they encounter data leakage.
Comments : After the decision of the Supreme Court of India, companies need to pay more attention to data security and user privacy, especially products and services associated with the Aadhaar system. WhatsApp , for example, now has 160 million users in India , and the privacy implications of WhatsApp sharing data with its parent company Facebook 's messaging service have drawn the attention of the Supreme Court.
在国内,网信办等四部委日前对淘宝、支付宝、微信等产品的隐私条款进行了审查,各公司已在进行相应条款的修改。预计今年下半年和明年,个人信息和隐私保护会是国内外监管的重点。网络运营者应该对收集、保存、使用、转让用户个人信息的行为进行自查。
英国推动和欧盟的数据交换共享伙伴关系 点击查看原文
概要:英国政府近日发布了立场文件,重申希望能在脱离欧盟之后仍与欧盟的数据保护框架保持一致,保障英国和欧盟之间的数据流通。英国表示,在2017年5月之前会达到与GDPR相对应的数据保护标准。
点评:英国在为脱欧后与欧盟之间数据共享、传输、交换的便捷和合规性做铺垫,为企业、个人和公共部门提供稳定和信心,减少脱欧后英国企业额外的成本。中国与欧盟也应该加强个人信息和数据保护上的政策交流,推进标准的互认,引导双方企业的合规,减少未来可能的贸易摩擦。
美国专家委员会对关键基础设施安全提出预警 点击查看全文
概要:美国国家基础设施顾问委员会(NIAC)发布了一份报告,提醒关键基础设施提高应对网络攻击的能力。委员会建议美国政府,建立安全独立的通信网络支持关键基础设施;改进网络威胁信息共享机制;简化并加快安全调查程序,提高相关人员和机构对重大威胁事件的响应速度;支持网络安全从业人员培训;在关键基础设施行业设置专家特别小组试点等。
Comments: On the eve of "911", ensuring the security of critical infrastructure networks has become a "pain point" for the US government. The United States has some useful experience in defending against terrorism and cyber attacks. For example, the government supports network vulnerability scanning and assessment plans; formulates incentive mechanisms to encourage operators of critical infrastructure to upgrade technology and equipment, establish industry best practices; strengthen emergency drills and tests, etc.
【Domestic Policy Trends】
The Cyberspace Administration of China regulates that online post and comment sites must be registered with real names before they can provide services. Click to view the original text
Summary: The Cyberspace Administration of China issued the "Regulations on the Administration of Internet Threading and Commenting Services" last week, requiring network operators that provide threading and commenting services to implement the real-name system; strengthen the protection of personal information; Content moderation and information security technology, etc. At the same time, local supervision is required to strengthen safety assessment, credit assessment and accountability for safety management.
Comments: This regulation clarifies the main responsibilities of service providers of post comments and raises the compliance requirements for various forums, microblogs, and video sites. It is recommended that such network operators conduct self-examination and rectification, register user information with real names under the principle of "voluntary at the front desk and real names at the back end", and strengthen content security audits.