Recently, OPPO and Deloitte jointly released the “Mobile Application (App) Personal Information Protection White Paper”.

The white paper analysis believes that the platform will gradually become the focus of law enforcement in the protection of personal information. At present, the high fines for infringement of personal information are concentrated in the financial industry and may be extended to industries such as the Internet in the future. In addition, after the Personal Information Protection Law comes into effect, a coordinated personal information protection supervision system is conducive to the implementation of the law, but for enterprises, more resources and costs need to be invested to meet the requirements of different dimensions.

Text / Sun Chao

Recently, OPPO and Deloitte jointly released the “White Paper on the Protection of Personal Information in Mobile Applications” (hereinafter referred to as the “White Paper”).

The white paper analysis believes that the platform will gradually become the focus of law enforcement in the protection of personal information. At present, the high fines for infringement of personal information are concentrated in the financial industry and may be extended to industries such as the Internet in the future. In addition, after the Personal Information Protection Law comes into effect, a coordinated personal information protection supervision system is conducive to the implementation of the law, but for enterprises, more resources and costs need to be invested to meet the requirements of different dimensions.

picture

App illegal collection and use of personal information is the main problem

In recent years, with the development of technologies such as big data, cloud computing, and artificial intelligence, user data has become a strategic asset for enterprise development. At the same time, the public’s emphasis on the protection of personal information has gradually increased, and how to balance protection and development has become a topic that many companies cannot avoid.

The white paper combed the official report and found that with the increasing intensity of App governance in recent years, the situation of no privacy policy or obscure privacy policy has been greatly improved, but the illegal collection and use of personal information by App is still the main problem of current App violations. In addition, the compulsory claims, frequent claims, and excessive claims are also the second most common problems in official notifications. Developers need to focus on the app development process.

In addition, the issue of third-party SDK stealing users’ personal information has caused widespread concern. The white paper analysis believes that because third-party SDKs generally do not provide services to users independently, but rely on App access, even if the third-party SDK directly collects personal information, users are in a state of unaware or weak perception of their behavior during the use of the App. . In addition, in most cases the personal information processing activities of third-party SDKs are relatively opaque to App developers, and it is difficult for App developers to control them. Although SDK is a key part of personal information protection, there are relatively few related standards and industry practical experience.

In this regard, the white paper recommends that SDK providers improve the personal information protection compliance system, learn from historical experience, take necessary security measures in the process of providing services to ensure the safety of users’ personal information, and openly collect and use it from App developers and end users. Personal information rules.

picture

High fines are concentrated in the financial industry and may be expanded to industries such as the Internet in the future

According to incomplete statistics in the white paper, the Ministry of Industry and Information Technology, the Ministry of Public Security, the State Administration of Market Supervision and Administration, and the State Internet Information Office and its provincial-level units notified a total of 2111 apps and notified the removal of 470 apps from 2019 to August 2021. The State Administration of Market Supervision and Administration fined 19.46 million yuan in the special law enforcement action of “protecting consumption” and cracking down on illegal activities against consumers’ personal information in 2019.

Regarding the future regulatory trends in the protection of personal information, the white paper analyzes that platform parties will gradually become the focus of law enforcement. At the same time, the basis for penalties has changed from explicit violations to non-dominant violations, showing a diversified trend. Companies should pay more attention to more details in compliance work, such as the collection and use of non-essential information, binding authorization, blanket authorization, and third-party information abuse.

A review of the white paper found that in recent years, the Central People’s Bank has issued three fines of more than 4 million yuan in response to incidents of infringement of personal information.

The white paper analysis believes that the reason why the banking industry has become the main disaster area for large-scale fines is that on the one hand, banks have a large user group and have a large amount of user data; on the other hand, financial data is the most sensitive concern of consumers. One of the types of data, its leakage and misuse often cause great economic losses; in particular, for the strong regulatory environment of the banking industry, starting from the banking industry, heavy rectification can be achieved to reduce major risks and achieve high law enforcement efficiency. Purpose.

The white paper stated that it is foreseeable that other industries such as medical care and the Internet have the characteristics of multiple user data access points and large amount of data. Then, referring to the regulatory thinking of the banking industry, cases of large-scale penalties may also appear in other industries. .

picture

Companies may need to invest more to meet regulatory requirements in different dimensions

At the level of laws and regulations, as the first specialized legislation in the field of personal information protection, the Personal Information Protection Law will be formally implemented on November 1.

According to the Personal Information Protection Law, the national cybersecurity and informatization department is responsible for the overall coordination of personal information protection and related supervision and management; the relevant departments of the State Council are responsible for personal information protection and supervision and management within their respective responsibilities in accordance with the provisions of this law and relevant laws and administrative regulations. Work.

The white paper analysis believes that the national cybersecurity and informatization department serves as the presidential planner, and the relevant departments of the State Council are responsible for personal information protection and supervision and management within their respective responsibilities, taking into account industry differences. At the local level, the relevant departments of the local people’s government at or above the county level, as specific implementation supervisors, perform personal information protection and supervision and management responsibilities, taking into account regional differences.

As a result, a networked supervision system with industry supervision as the horizontal axis and local supervision as the vertical axis is formed, which will facilitate the implementation of the personal protection law, but for companies that are personal information processors, more resources and costs need to be invested To meet the requirements of different dimensions.

The white paper believes that based on the requirements of the “Notice on Implementing the Personal Information Protection Law and Promoting the Prosecution of Personal Information Protection Public Interest Litigation Work” issued by the Supreme People’s Procuratorate and the implementation of special actions, more typical public interest lawsuits in the field of personal information protection will also appear in the future. Case. Civil litigation and public interest litigation have become new tests and challenges for personal information processors in the protection of personal information.

In addition, what can consumers do to protect personal information? The white paper stated that the development of safe usage habits by consumers will not only help avoid risk incidents, but also feed back the implementation and update of regulatory requirements, and promote the self-discipline and active compliance of various entities in the industry.

Therefore, the white paper suggests that in the daily use of Internet products, consumers can maintain the following good habits:

1. Download the App in the official app store or the official website of the App product provider, and do not click on the link of unknown source to download and install;

2. Before using the App and related services, carefully read the personal information protection policy to fully understand the types, purposes and methods of personal information collected and used by the App, and how to exercise user rights and other content;

3. Be cautious in granting App use sensitive permissions (such as location, camera, microphone, address book, etc.). You can turn on relevant sensitive permissions when using App specific functions or services, and turn off when not in use;

4. Use the privacy functions or privacy settings provided by the App to actively and reasonably exercise your rights to personal information;

5. When a potential safety hazard is discovered, contact the APP product provider in time, which can effectively reduce the adverse impact caused by the security incident;

6. In case of infringement of users’ personal information, promptly contact the product provider or lodge a complaint with the relevant agency.

The Links:   NL10276AC30-04R G215HAN010