The draft version, published by the Ministry of Information Industry on 27 July, contains some rules for the Internet service providers concerning data protection.
According to these rules, Internet service providers do not collect, without the user’s consent, information that – alone or combined with other data – are able to provide user’s identity information. Furthermore the ISP only collects personal information necessary for the required services and informs users of the fact that the data are being collected, explaining the purposes related to the processing. The ISP has not to exceed these purposes and is not allowed to provide personal information to third parties without the user’s consent.
These rules do not affect different or conflicting provisions contained in other laws or administrative regulations.
Finally, the draft version provide that any data breach, that involves serious consequences, should be reported immediately by the ISP to the Ministry of Industry and Information.