The China Cybersecurity Week 2020 celebrated the theme of “Personal Information Protection” on 20 September 2020. That day, the Special Taskforce on the Collection and Use of Personal Information by Apps Violating Laws and Regulations – established under TC260 – hosted a thematic event in Beijing titled “Personal Information Protection for Apps”, during which the publicity video of the national standard GB/T 35273-2020 Information Security Technology—Personal Information Security Specification was released for the first time. The purpose of the video is to facilitate the readers’ understanding of the content of the standard through visual and dynamic explanations. In addition, during the event the English version of GB/T 35273-2020 was also released, with the aim to facilitate access to the content of the standard by all relevant readers in China and abroad, as well as to accelerate the further promotion and implementation of the standard.

In the Internet era, while people enjoy the convenience and inclusiveness brought by big data, their personal information is inevitably being collected and used. Every transaction, browsing, communication, etc., could be recorded and analysed. Therefore, personal information has become an important resource pursued by many companies. While people expect their personal information to be collected and used lawfully, problems such as leakage, misuse, and excessive collection of personal information remain very frequent, hurting people’s interests. The question of how to regulate the collection and use of personal information has always been the key focus of global data governance.

In December 2017, GB/T 35273-2017 Information Security Technology—Personal Information Security Specification was officially released. Proposed and organised by the National Information Security Standardisation Technical Committee (TC260), GB/T 35273-2017 is the first national standard indicating clear requirements for every step of personal information processing activities, including collection, use, storage and sharing. The standard was later amended to incorporate best practices and experience from relevant laws, regulations, standards and technical specifications around the world in the field of personal information protection, and at the same time to include additional requirements addressing security risks. The amended version was released in March 2020 and took effect on 1 October 2020. The standard has also frequently been recommended frequently by authorities, and it has now become the go-to guide for many companies seeking to develop a personal information protection compliance system.

The full text of the English version of GB/T 35273-2020 (Information Security Technology—Personal Information Security Specification) is available at: https://www.tc260.org.cn/front/postDetail.html?id=20200918200432.

By Haley WU on 19 October