Abstract
To implement the core content and key requirements of GB/T 42574—2023 Information security technology—Implementation guidelines for notices and consent in personal information processing, Douyin Group redesigned its products in light of the actual situation of its own Apps, so that the main provisions of the standard are implemented in three typical scenarios. At the same time, Douyin Group has built an integrated internal mechanism that promotes the transformation of standard clauses into specific business compliance requirements from three aspects: organizational, technical and institutional safeguards. The relevant products in this case are vertical Apps, and their mechanism design and functional implementation have exemplary significance for enterprises in the industry, both for self-compliance and for cooperating with regulatory compliance.
Source
Information Technology & Standardization (《信息技术与标准化》)
2024, Issue S01, pp. 169-175 (7 pages in total)
Keywords
information security
personal information protection
personal information processing
notice and consent