APPs of Guangzhou Rural Commercial Bank, WeBank, and Nanyue Bank notified for collecting personal information in violation of regulations

  On April 23, the Ministry of Industry and Information Technology announced on its website that apps developed by many banks had infringed on user rights and had not completed rectification. These include the app developed by Guangzhou Rural Commercial Bank, which "collected personal information in violation of regulations"; the app developed by Guangdong Nanyue Bank, which "collected personal information in violation of regulations" and made "compulsory, frequent, and excessive requests for permissions"; and the app developed by Qianhai WeBank, which was "collecting personal information in violation of regulations and collecting personal information beyond the scope".

  The Ministry of Industry and Information Technology reported that, in accordance with the "Network Security Law", the "Telecommunication Regulations", the "Provisions on the Protection of Personal Information of Telecommunications and Internet Users" and other laws and regulations, and in accordance with the "Notice on Promoting Special Rectification Actions for App Infringement of Users' Rights and Interests", it organized third-party testing agencies to inspect mobile phone application software, and focused on urging companies whose game and tool apps had problems to make rectifications.

So far, the Guangdong Provincial Communications Administration has found that there are still 45 APPs that have not been rectified.

The aforementioned APPs should complete the rectification and implementation work before April 29.

If rectification is not made within the time limit, relevant disposal work will be organized and carried out in accordance with laws and regulations.

  The Ministry of Industry and Information Technology also stated that in the first quarter of 2021, the issues found in Tencent App Store, Xiaomi App Store, OPPO App Store, Huawei App Market, and Vivo App Store accounted for 14.22%, 13.81%, 12.80%, 11.37%, and 11.17%, respectively, and that there are problems such as lax review of listings, incomplete cleanup of inventory issues, inaccurate information about app developers and operators in registration and verification, and misleading users to download.

The relevant platform enterprises have been urged to carry out comprehensive rectification and strictly implement the main responsibility of the enterprise.

  In recent years, personal financial information has become an area with a high incidence of violations by financial institutions.

In February of this year, the Guangdong Provincial Communications Administration announced that 215 APPs were ordered to rectify within a time limit.

Among them, 12 were in the financial management category.

In this report, 7 apps had not been rectified or had been incompletely rectified since the previous notification, including 4 financial apps such as Xiaoying Technology Cashier, SF Financial, China Post Wallet, and Wanlian e Wantong.

  As early as December 2020, the National Computer Virus Emergency Response Center discovered through Internet monitoring in the "Net Network 2020" special operation that the six bank APPs of Industrial Bank, Inner Mongolia Rural Credit Union, Inner Mongolia Bank, Haixia Bank, and Ordos Bank had not expressly stated to users all the privacy permissions they applied for, and they were named for alleged privacy violations.

  "The reason for repeated prohibitions is that, first, APP operating agencies have weak compliance awareness and omissions on potential safety hazards; second, the agencies have a certain fluke mentality, thinking that they can fish in troubled waters if they do not carry out compliance work and complete compliance work at a discount," researcher Su Xiaorui told the CBN reporter.

  Su Xiaorui said that the named organization had rectified but did not change, and it was presumed that the internal management of the organization was chaotic, and there was no clear responsible person after the problem arose; the organization's understanding of compliance requirements was biased, or its technical level was low and failed to meet regulatory requirements.

It is recommended to improve the system, establish a systematic APP compliance management structure, and clarify the relevant responsible persons. In addition, it is recommended that "lost connection" and "zombie" apps be removed from the application market as soon as possible, to avoid their becoming tools for criminals to profit.

  In addition, Su Xiaorui said that the improvement of personal information protection is not achieved overnight. Commercial institutions and their partners should regulate the management of users' personal information across data collection, storage, processing, transmission, and disclosure. For example, users' consent should be sought before collection; when necessary, the principle of de-identification should be adopted; and internal management and control should be strengthened through the combing of systems and processes, following the principle of "user authorization, minimum sufficient use, special purpose, full protection", with timely correction of irregular information management behaviors.

  Author: Chen Hongjie