个人信息处理中告知和同意在互联网信息服务领域的实践
Notices and Consent in Personal Information Processing in the Context of Internet information services
李昳婧 1杜蕾 1李梦月 1王敏 1杨骁涵 1刘笑岑 1田申1
作者信息
摘要
为落实GB/T 42574-2023《信息安全技术 个人信息处理中告知和同意的实施指南》标准的核心内容和关键要求,抖音集团结合自身App实际情况进行产品改造设计,使得标准主要规定得以在三类典型场景中落地.同时,抖音集团构建起内部一体化机制,从组织保障、技术保障、制度保障等三方面入手,推动标准条款向具体业务合规要求转化.本案例中相关产品作为垂类App,其机制设计和功能实现,对行业内企业自我合规和配合监管合规都具有示范性意义.
Abstract
Based on the core content and key requirements in GB/T 42574-2023 Information security technology—Implementation guidelines for notices and consent in personal information processing and combined with the actual situation,Douyin Group carried out product transformation and design,so that the main provisions of the foregoing guidelines can be implemented in three typical scenarios.At the same time,Douyin Group has built an integrated mechanism within the enterprise to promote the transformation of standard clauses into specific business compliance requirements from three aspects:organizational,technical and institutional insurance.The relevant products in this case are vertical Apps,and their mechanism design and functional implementation have exemplary significance for the self-compliance and regulatory compliance of enterprises in the industry.
关键词
信息安全/个人信息保护/个人信息处理/告知和同意Key words
information security/personal information protection/personal information processing/notice and consent引用本文复制引用
出版年
2024
NETL
NSTL
万方数据