In which year was the crime of selling 50 pieces of personal information officially implemented?

The Network Security Law, which came into effect on June 20 17, stipulated the basic principles of personal information protection at the legal level for the first time. The Network Security Law clearly stipulates that the collection of applicable information shall be subject to the explicit consent of users, irrelevant information shall not be collected, and personal information shall not be provided to others, except that a specific individual cannot be identified and cannot be recovered after processing, and personal information shall not be illegally sold.

Selling more than 50 pieces of personal information is "serious" and should be investigated for legal responsibility. According to the provisions of the Criminal Law, whoever, in violation of the relevant provisions of the State, sells or provides personal information of citizens to others, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention and shall also or only be fined; If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined.

The report results show that none of the 1000 websites and apps participating in the evaluation can meet the standard of "high transparency" in privacy policy, and 84 platforms are "high transparency", accounting for 8.4% of the total number of platforms; The number of platforms with moderate transparency is 1 10, accounting for11%; There are 806 platforms with "low transparency" and "low transparency", accounting for more than 80% of the total, and the transparency is "low" by more than 50%.

legal ground

people's republic of china network security law

Fortieth network operators should keep the user information they collect strictly confidential and establish and improve the user information protection system.

Article 41 When collecting and using personal information, network operators shall follow the principles of legality, fairness and necessity, make public the rules of collection and use, clearly state the purpose, manner and scope of collection and use of information, and obtain the consent of the person being collected.

Network operators shall not collect personal information irrelevant to the services they provide, and shall not collect and use personal information in violation of the provisions of laws and administrative regulations and the agreement between the two parties, and shall handle the personal information they save in accordance with the provisions of laws and administrative regulations and the agreement with users.

Forty-second network operators shall not disclose, tamper with or destroy the personal information they collect; Personal information shall not be provided to others without the consent of the person being collected. However, unless the specific individual cannot be identified after processing and cannot be recovered.

Network operators should take technical measures and other necessary measures to ensure the safety of personal information collected by them and prevent information from being leaked, damaged or lost. When personal information is leaked, damaged or lost, it shall immediately take remedial measures, inform users in a timely manner according to regulations, and report to relevant competent departments.

Article 43 If an individual discovers that a network operator has collected and used his personal information in violation of laws, administrative regulations or the agreement of both parties, he has the right to request the network operator to delete his personal information; If it is found that the personal information collected and stored by the network operator is wrong, it has the right to ask the network operator to correct it. Network operators should take measures to delete or correct them.

Article 44 No individual or organization may steal or obtain personal information by other illegal means, or illegally sell or provide personal information to others.

Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement on Citizens' Personal Information.

Article 5 Whoever illegally obtains, sells or provides citizens' personal information under any of the following circumstances shall be deemed as "serious" as stipulated in Article 253-1 of the Criminal Law:

(1) Selling or providing information such as whereabouts and tracks for others to use in committing crimes;

(two) knowing or should know that others use citizens' personal information to commit crimes and sell or provide them;

(3) illegally obtaining, selling or providing more than 50 pieces of track information, communication content, credit information and property information;

The judicial interpretation issued this time clearly stipulates that "citizens' personal information" in the relevant provisions of the Criminal Law refers to all kinds of information recorded by electronic or other means that can identify the identity of a specific natural person or reflect the activities of a specific natural person, including name, ID number, communication contact information, address, account password, property status, whereabouts and so on.