Rule number one In order to protect the safety of children's personal information and promote the healthy growth of children, these Provisions are formulated in accordance with the Cyber Security Law of the People's Republic of China and the Law of People's Republic of China (PRC) on the Protection of Minors.
Rule number two Children mentioned in these Provisions refer to minors under the age of fourteen.
Rule three. These Provisions shall apply to the collection, storage, use, transmission and disclosure of children's personal information through the Internet in People's Republic of China (PRC).
Article 4? No organization or individual may produce, publish or disseminate information that infringes on the safety of children's personal information.
Article 5? Children's guardians should correctly perform their guardianship duties, educate and guide children to enhance their awareness and ability to protect personal information and protect the safety of children's personal information.
Article 6? Encourage Internet industry organizations to guide and promote network operators to formulate industry norms and codes of conduct to protect children's personal information, strengthen industry self-discipline and fulfill social responsibilities.
Article 7? When collecting, storing, using, transmitting and disclosing children's personal information, network operators should follow the principles of proper necessity, informed consent, clear purpose and safe and legal use.
Article 8? Network operators should set up special rules and user agreements for the protection of children's personal information, and designate special persons to be responsible for the protection of children's personal information.
Article 9? Network operators who collect, use, transmit or disclose children's personal information shall inform the children's guardians in a prominent and clear way and obtain the consent of the children's guardians.
Article 10? When the network operator obtains the consent, it shall also provide the refusal option and clearly inform the following matters:
(1) The purpose, manner and scope of collecting, storing, using, transmitting and disclosing children's personal information;
(two) the place, time limit and handling method of children's personal information after it expires;
(3) Security measures for children's personal information;
(4) Consequences of refusal;
(five) the channels and methods of complaints and reports;
(6) Ways and means to correct and delete children's personal information;
(seven) other matters that should be informed.
If the matters notified in the preceding paragraph are substantially changed, the consent of the child's guardian shall be obtained again.
Article 11? Network operators shall not collect children's personal information irrelevant to the services they provide, and shall not collect children's personal information in violation of laws, administrative regulations and agreements between the two parties.
Article 12? The storage of children's personal information by network operators shall not exceed the period necessary for collection and use.
Thirteenth network operators should take encryption and other measures to store children's personal information to ensure information security.
Article 14 The use of children's personal information by network operators shall not violate the provisions of laws and administrative regulations and the purpose and scope agreed by both parties. If it is really necessary to use it beyond the agreed purpose and scope due to business needs, the consent of the child guardian shall be obtained again.
Fifteenth network operators should strictly set information access rights and control the scope of children's personal information on the principle of minimum authorization for their staff. Staff accessing children's personal information shall be approved by the person in charge of children's personal information protection or its authorized management personnel, and the access situation shall be recorded, and technical measures shall be taken to prevent children's personal information from being illegally copied and downloaded.
Article 16 If a network operator entrusts a third party to handle children's personal information, it shall conduct a safety assessment of the trustee and the entrusted behavior, sign an entrustment agreement, and clarify the responsibilities of both parties, handling matters, handling period, handling nature and purpose, etc. Entrustment shall not exceed the scope of authorization.
The trustee specified in the preceding paragraph shall perform the following obligations:
(1) Handling children's personal information in accordance with the provisions of laws and administrative regulations and the requirements of network operators;
(two) to assist network operators to respond to the application made by children's guardians;
(three) to take measures to ensure information security, and in the event of children's personal information disclosure security incidents, timely feedback to the network operators;
(4) Delete children's personal information in time when the entrustment relationship is terminated;
(five) shall not be entrusted;
(six) other children's personal information protection obligations that should be fulfilled according to law.
Article 17? If a network operator transmits children's personal information to a third party, it shall conduct safety assessment by itself or entrust a third party organization.
Article 18? Network operators shall not disclose children's personal information, except those that should be disclosed according to laws and administrative regulations or can be disclosed according to the agreement with children's guardians.
Nineteenth children or their guardians have the right to ask network operators to correct their personal information collected, stored, used and disclosed. Network operators should take timely measures to correct it.
Article 20? If a child or his guardian requests the network operator to delete the children's personal information collected, stored, used and disclosed by him, the network operator shall take timely measures to delete it, including but not limited to the following situations:
(1) Network operators collect, store, use, transmit or disclose children's personal information in violation of laws, administrative regulations or agreements between the two parties;
(2) Collecting, storing, using, transmitting or disclosing children's personal information beyond the scope of purpose or the necessary period;
(3) The guardian of the child withdraws his consent;
(four) children or their guardians terminate the use of products or services by means of cancellation.
Article 21? If the network operator finds that children's personal information has been or may be leaked, damaged or lost, it shall immediately start the emergency plan and take remedial measures; If it has caused or may cause serious consequences, it shall immediately report to the relevant competent authorities, and inform the affected children and their guardians of the incident by mail, letter, telephone call and push notice. If it is difficult to inform them one by one, relevant early warning information should be released in a reasonable and effective way.
Article 22? Network operators shall cooperate with the supervision and inspection carried out by the network information department and other relevant departments according to law.
Article 23? If the network operator stops operating products or services, it shall immediately stop collecting children's personal information, delete the children's personal information it holds, and inform the children's guardian of the notice of stopping operation in time.
Article 24? Any organization or individual who finds any violation of these provisions may report to the network information department and other relevant departments.
If the network information department and other relevant departments receive relevant reports, they shall handle them in a timely manner according to their duties.
Article 25? If the network operator fails to implement the responsibility of children's personal information security management, and there is a big security risk or a security incident, the network information department will conduct an interview according to the responsibility, and the network operator shall take timely measures to rectify and eliminate hidden dangers.
Article 26? Violation of these provisions shall be dealt with by the network information department and other relevant departments according to their duties and relevant laws and regulations such as the Cyber Security Law of the People's Republic of China and the Measures for the Administration of Internet Information Services; If a crime is constituted, criminal responsibility shall be investigated according to law.
Article 27? Anyone who is investigated for legal responsibility in violation of these provisions shall be recorded in the credit file and publicized in accordance with the provisions of relevant laws and administrative regulations.
Article 28? If the information is automatically retained and processed through the computer information system and it cannot be determined that the retained and processed information belongs to children's personal information, it shall be implemented in accordance with other relevant regulations.
Article 29? These Provisions shall come into force as of 20 19 10 1.