Network security

Comparative analysis of “Data Security Law”, “Network Security Law” and “Personal Information Protection Law”

With the rapid development of 5G, blockchain, big data, artificial intelligence, and other information and communication technologies, our lives have been gradually networked and digitized. have started to digitize it. Not so long ago, the Standing Committee of the National People’s Congress passed a successful law, the “Data Security Law”. I also did some learning. In addition to this law, there was also a “cybersecurity law” previously. The current “Personal Information Protection Act” is also rushing into legislation. What kind of relationship are these three laws? It is a bit vague, so today we will focus on studying these three laws in a comparative manner (reminder, the “Law on the protection of personal information” has not yet been published, I do not will not invite later in this article for convenience).

What the three have in common??

1. The context of the legislation is basically the same

The three laws are all born from the rapid development of information and communication technologies such as 5G, blockchain, big data and artificial intelligence. Legislating on these emerging technologies meets the development needs of the time.

2. The value orientation of the legislation is basically the same

It seems that we need “security” more than ever. Now when we talk about “security” we are referring more to non-traditional security. It is also the comprehensive concept of national security mentioned in the National Security Law. Although from a development point of view we always prioritize “efficiency”, “efficiency” cannot be “streaked” like a runaway horse. Because the “efficiency” gained at the expense of “security” is not worth the gain.

3. The core of the object in legal relations is basically the same

These three laws can be the “troika” in the digital economy. Although the objects to be regulated are different, they generally revolve around the production and use of data and information. The Internet is the basis for the transport of information. Interaction and transmission are the goals of the Internet, and the intangibility and dissemination of information must be controlled. The heart of control is government and personal information.

Traditionally, one of the objects of legal relationships has been human behavior. In the age of big data and artificial intelligence, human behavior is no longer limited to physical behavior. Human behavior has been transformed into various information and data. Can’t you see? Buying and selling, using, expressing thoughts is all done by clicking and manipulating smartphones and computers.

4. Legislative influence is basically the same

Based on the above, these three laws will affect all aspects of the country, society, government and individuals, as computerization and digitization has been mainstreamed into all aspects of personal social life, behavior government and state behavior.

The main difference between the three laws

1. The legislative objectives of the three are different

The “Cybersecurity Law” emphasizes the national sovereignty of cyberspace. The “Data Security Act” focuses more on data security and national security based on data security, and the “Personal Information Protection Act” focuses on the protection of personal information.

2. The objects adjusted by the two and three are different

From the point of view of the object of adjustment, the three laws overlap. Article 76 of the “Cybersecurity Law” defines cybersecurity as “the means to take the necessary measures to prevent attacks, intrusions, interference and sabotage, illegal use and accidents, keeping the network in stable and reliable operating condition, as well as the ability to ensure the integrity, confidentiality and availability of network data. “The last sentence here refers to data security but in a subordinate position. Section 3 of the “Data Security Law” states that “data security refers to the adoption of the necessary measures to ensure that the data is in a state of effective protection and lawful use, as well as the ability to ensure a continuous state of security. achieve legislative goals by regulating the “construction, operation, maintenance and use of networks in the territory of the People’s Republic of China”, while the “Data Security Law” focuses on regulation ” data processing activities in the territory of the People’s Republic of China ‘to achieve legislative objectives. Data processing refers to “the collection, storage, use, processing, transmission, provision, disclosure, etc. “. Some of these data processing activities are internet based and some are not. To give an inappropriate example, it’s like a house. The “Cyber ​​Security Act” focuses more on the security of the room door and each door, while the “Data Security Act” refers to the security of things in the house. What about the “Protection of personal information”? Privacy is probably the equivalent of the vault of the most valuable items inside a house, where your ID card, bank card, residence book and some important privacy files are stored. “Protecting Personal Information” involves both cybersecurity and data protection. The “Data Security Law” contains not only personal information, but also government information, as well as information about other industries. Therefore, the “Data Security Law” adopts a “graduated and classified protection system”. In summary, the three laws are independent of each other and have their own emphasis, but they also overlap.

3. The adjustment modes of the three laws are different

The adjustment mode of the “Cybersecurity Law” focuses more on regulation and adjustment according to the links involved in the operation of the network, and it is mainly divided into two parts: “the security of the network operation ”and“ network information security ”. The objects of regulation are mainly three types of entities, network operators, suppliers of network products and services and operators of key information infrastructures. The “Data Security Law” does not regulate according to the flow of “production, processing, circulation and use of data”, but divides it into a “data security system” and “security protection obligations”. data ‘for regulation and adjustment, and the objects of adjustment are more extensive, that is, all subjects engaged in data processing activities should be regulated and limited by this law. The “Personal Information Protection Act” is more specific. Rather, it is about adapting and protecting a de facto private law act (in other words, providing personal information and obtaining various services) in public law. Many articles of this law deal with empowerment. Chapter 4 is “Individual’s Rights in Personal Information Processing Activities”, and Chapter 5 is “Obligations of Personal Information Processors”. Yet, the “cybersecurity law” and the “data security law” are fundamentally mandatory provisions. In particular, the “Data Protection Obligation” is its own chapter in the “Data Security Act”.

In summary, we have carried out some superficial comparative analyzes of these three laws in the hope of having a better understanding of the positioning of the three laws.

Source link