The processing of personal data would be conducted only when data subjects so agree, unless otherwise provided by law, according to a draft decree on protection of personal data recently released by the Ministry of Public Security.
As per the draft, personal data processing includes, but is not limited to collecting, recording, analyzing, storing, altering, disclosing, providing access to, tracking, using, deleting or destroying personal data.
Administrative agencies may only process personal data in case of performing public duties to fulfill obligations as required by laws or international agreements.
Personal data might be disclosed in the mass media for press purposes without the consent of data subjects provided that the disclosure of data brings about large public interests, conforms to ethical principles of journalism ethics, and does not cause too much damage to data subjects. However, there are several types of personal data which must not be disclosed, including sensitive personal data such as those on ones’ political and religious viewpoints; ethnicity and race; health status; genetic information; biometric data; gender and sexuality; and crime data. Disclosure of personal data would also be disallowed if such the disclosure harms legitimate interests of data subjects.
Besides, data subjects might require those who disclose their personal data to terminate the disclosure, unless such disclosure complies with laws. They might also request data processors to stop disclosing their personal data at any time unless otherwise provided by law and such request is technically conformable and does not require unreasonably high costs.- (VLLF)