Chapter 1 General Provisions Article 1 This law is formulated in order to regulate data processing activities, ensure data security, promote data development and utilization, protect the legitimate rights and interests of individuals and organizations, and safeguard national sovereignty, security and development interests. Article 2 This Law shall apply to data processing activities and security supervision within the territory of the People’s Republic of China.
Anyone who carries out data processing activities outside the territory of the People's Republic of China and harms the national security of the People's Republic of China, public interests, or the legitimate rights and interests of citizens and organizations will be investigated for legal responsibility in accordance with the law. Article 3 The term “data” as used in this Law refers to any record of information in electronic or other ways.
Data processing, including data collection, storage, use, processing, transmission, provision, disclosure, etc.
Data security refers to taking necessary measures to ensure that data is effectively protected and used legally, as well as having the ability to ensure continued security. Article 4 To maintain data security, one should adhere to the overall national security concept, establish and improve the data security governance system, and improve data security assurance capabilities. Article 5 The central national security leadership agency is responsible for the decision-making and coordination of national data security work, research, formulation, guidance and implementation of national data security strategies and relevant major principles and policies, overall planning and coordination of major national data security matters and important work, and establishment of national data security work coordination mechanism. Article 6: All regions and departments are responsible for the data and data security collected and generated in the work of their respective regions and departments.
The competent departments of industry, telecommunications, transportation, finance, natural resources, health, education, science and technology shall bear the responsibility for data security supervision in this industry and field.
Public security agencies, national security agencies, etc. shall assume data security supervision responsibilities within the scope of their respective responsibilities in accordance with the provisions of this Law and relevant laws and administrative regulations.
The national cybersecurity and informatization department is responsible for coordinating network data security and related supervision work in accordance with the provisions of this Law and relevant laws and administrative regulations. Article 7: The state protects the data-related rights and interests of individuals and organizations, encourages the reasonable and effective use of data in accordance with the law, ensures the orderly and free flow of data in accordance with the law, and promotes the development of a digital economy with data as a key element. Article 8 When conducting data processing activities, one must abide by laws and regulations, respect social morality and ethics, abide by business ethics and professional ethics, be honest and trustworthy, fulfill data security protection obligations, assume social responsibilities, and must not endanger national security or public interests. , and shall not harm the legitimate rights and interests of individuals and organizations. Article 9 The state supports the promotion and popularization of data security knowledge, improves the awareness and level of data security protection in the whole society, promotes relevant departments, industry organizations, scientific research institutions, enterprises, individuals, etc. to participate in data security protection work to form a whole-society ***Work together to maintain data security and promote a good environment for development. Article 10: Relevant industry organizations shall formulate data security codes of conduct and group standards in accordance with the law in accordance with their charters, strengthen industry self-discipline, guide members to strengthen data security protection, improve data security protection levels, and promote the healthy development of the industry. Article 11: The state actively carries out international exchanges and cooperation in the fields of data security governance, data development and utilization, participates in the formulation of international rules and standards related to data security, and promotes the safe and free flow of data across borders. Article 12: Any individual or organization has the right to complain or report violations of this Law to the relevant competent authorities. Departments that receive complaints or reports should handle them promptly and in accordance with the law.
Relevant competent departments should keep confidential the relevant information of complaints and whistleblowers, and protect the legitimate rights and interests of complainants and whistleblowers. Chapter 2 Data Security and Development Article 13: The state coordinates development and security, insists on promoting data security through data development and utilization and industrial development, and uses data security to ensure data development and utilization and industrial development. Article 14: The state implements the big data strategy, promotes the construction of data infrastructure, and encourages and supports the innovative application of data in various industries and fields.
People's governments at or above the provincial level should incorporate digital economic development into their national economic and social development plans and formulate digital economic development plans as needed. Article 15: The state supports the development and utilization of data to improve the intelligence level of public services. When providing intelligent public services, the needs of the elderly and disabled people should be fully considered to avoid obstacles to the daily lives of the elderly and disabled people. Article 16 The state supports data development and utilization and data security technology research, encourages technology promotion and business innovation in the fields of data development and utilization and data security, and cultivates and develops data development and utilization and data security products and industrial systems. Article 17: The state promotes the construction of data development and utilization technology and data security standard systems. The standardization administrative department of the State Council and relevant departments of the State Council shall, in accordance with their respective responsibilities, organize the formulation and timely revision of standards related to data development and utilization technologies, products and data security. The state supports enterprises, social groups and educational and scientific research institutions to participate in the formulation of standards. Article 18: The state promotes the development of data security testing, evaluation, certification and other services, and supports data security testing, evaluation, certification and other professional institutions to carry out service activities in accordance with the law.
The state supports relevant departments, industry organizations, enterprises, educational and scientific research institutions, and relevant professional institutions to cooperate in data security risk assessment, prevention, and disposal.