Free wifi collects a large amount of users' personal information, encounters marketing calls after browsing websites, and children's smart watches become voyeuristic "eyes"... This year's 3.15 party has exposed a lot of personal information leakage.

This makes people feel afraid, how on earth is our information leaked?

If you encounter the above situation, how can you protect your legitimate rights and interests?

  Free public wifi collects personal information or infringes

  Today, many public places such as shopping malls, restaurants and hotels will install free public wifi, and consumers will also have some applications automatically installed on their mobile phones when they use them.

This type of free wifi application will collect a large amount of user information in the background. Even if the user closes the application from the background, it can run through the self-start function, and may even enter into the online banking and other secret systems, causing the online banking and Alipay to be stolen. , resulting in financial losses.

As everyone knows, the personal information of natural persons is protected by law, and the use of free public wifi to collect personal information may constitute infringement.

  Chapter VI of the Civil Code stipulates that personal information refers to various information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, including the natural person's name, date of birth, ID number, biometric information, residential address. , phone numbers, email addresses, health information, whereabouts information, and more.

The private information in personal information shall be governed by the provisions on privacy rights; if there is no provision, the provisions on the protection of personal information shall be applicable.

Article 4 of the Personal Information Protection Law stipulates that personal information refers to various information related to identified or identifiable natural persons recorded electronically or in other ways, excluding anonymized information.

  The excessive collection or intentional disclosure of personal information may also become the source of the crime of communication network fraud, so the violation of citizens' personal information may also bear criminal responsibility.

my country's Criminal Law stipulates the crime of infringing on citizens' personal information, selling or providing citizens' personal information to others in violation of relevant state regulations. Fixed-term imprisonment of not less than three years but not more than seven years and a fine.

Whoever sells or provides to others the personal information of citizens obtained in the course of performing duties or providing services, in violation of the relevant provisions of the state, shall be severely punished in accordance with the provisions of the preceding paragraph.

Whoever steals or illegally obtains citizens' personal information by other means shall be punished in accordance with the provisions of the first paragraph.

If a unit commits the crimes mentioned in the preceding three paragraphs, the unit shall be fined, and the person in charge and other persons directly responsible for it shall be punished in accordance with the provisions of this paragraph.

  In 2019, Li and Yang collected other people's mobile phone numbers by operating instruments in a certain city. After the two were arrested, the investigation agency found that the crime instrument was used with the supporting APP. When the instrument was connected to the mobile phone wifi hotspot, the surrounding mobile phone numbers could be obtained. , and can save other people's numbers in their mobile phone address book, and at the same time through the APP can also send text messages or screen text messages to the corresponding mobile phone, the two illegally obtained more than 50,000 mobile phone numbers of others.

After trial, the court held that Li and Yang illegally obtained citizens' personal information, and the circumstances were serious and constituted the crime of infringing citizens' personal information.

Combined with the nature of the crime, the circumstances, the social harm and the attitude of confession and repentance, Li and Yang were sentenced to one year and eight months in prison and fined respectively.

  Judge reminds:

  When connecting to an unprotected or unknown wifi signal in public, be wary of wifi traps.

Even if it is a regular wifi signal provided by the merchant, do not carry out operations related to personal funds and information such as bank card passwords, various verification codes, login passwords, etc., so as not to give criminals an opportunity.

  Using children's smart watches to "peep" violates privacy

  In order to ensure safety, many parents have purchased children's smart watches with real-time positioning, high-definition dual-camera, face recognition, video calling and other functions for their children, but what about the safety of such watches?

A children's smart watch was exposed at the 3.15 party. After being installed with malicious programs, the background can locate in real time, collect important information multiple times, and can also realize remote control.

The testers found that the fundamental reason is that the operating system is too old. After installation of various apps, multiple privacy functions can be enabled without authorization, and the security risks can be imagined.

  In a certain city, there was a case of using children's smart watches to defraud 112 people with a total of more than 50,000 yuan within 7 months.

The three defendants jointly developed a hacking software by exploiting the protection loopholes of the phone watch, which can easily obtain the identification number of the children's phone watch. "Fee", "outing fee" and other reasons to send text messages to defraud parents.

Since the children's smart watch is also bound to the parent's mobile phone, the parent's mobile phone system is also vulnerable to intrusion, resulting in the leakage of personal information.

  Peeping and eavesdropping through children's smart watches are acts that violate the privacy rights of others.

Regarding the issue of peeping and eavesdropping on children's smart watches, according to Article 1032 of the Civil Code, natural persons have the right to privacy.

No organization or individual may infringe on the privacy of others by means of spying, intrusion, disclosure, disclosure, etc.

Privacy refers to the tranquility of private life of natural persons and the private space, private activities and private information that others do not want to know.

Acts of infringing on the privacy rights of natural persons include filming, peeping into other people's houses, hotel rooms and other private spaces, as well as filming, peeping, eavesdropping, and publicizing other people's private activities.

The use of children's smart watches to peep and eavesdrop on other people's privacy is the above-mentioned violation of privacy rights.

The right to privacy is a civil right enjoyed by natural persons.

Due to the characteristics of the right to privacy, torts are generally manifested as infringing on the personal dignity of natural persons, which may cause mental damage.

According to the provisions of Article 1183 of the Civil Code, if the infringement of a natural person's right to privacy causes serious mental damage, the infringed person has the right to request compensation for the mental damage.

  Judge reminds:

  According to the relevant provisions of the Civil Code and the Consumer Rights Protection Law, a sales contract is established between consumers who purchase children's smart watches and operators. The operators should ensure the user's information security. Information such as the expiration date shall be presented truthfully and comprehensively, and false or misleading publicity shall not be made.

For watches that are prone to security loopholes such as voyeurism due to the old operating system, merchants should remind consumers in time when purchasing, so as to avoid serious consequences due to security loopholes in watches after consumers purchase.

Manufacturers should put the quality of children's smart watches first, and produce children's smart watches that meet safety standards, so that consumers can consume with peace of mind.

Consumers should also pay special attention when purchasing, choose products from regular manufacturers, pay attention to product quality and safety, and beware of personal information leakage.

Browsing bad websites may reveal personal information

  Before shopping, consumers usually browse websites on their mobile phones to learn about merchants or related products. Although they do not leave a phone call, they will soon receive related unfamiliar marketing calls.

This phenomenon was exposed at the 3.15 party this year. Some companies built outbound call systems for some telemarketing companies, provided outbound call services, made harassing calls to users, and could hide the real calling number.

Although this method avoids user complaints and industry supervision, its random access to consumers' personal information may also constitute infringement.

  In May 2020, a company received complaints from users one after another, saying that after browsing the company's promotional website, it continued to receive harassing marketing calls targeting users' browsing content within a short period of time.

The police investigation found that the gang committed the crime mainly by adding to the promotion page without the authorization of the user who browsed the web page, and then jumping to the interface of the communication service provider to obtain the user's mobile phone number, search keywords, IP, browsing time and other data, and The illegally obtained user data is stored in the cloud server, and then the data is pushed to the customer through the customer management system to achieve profit.

  With the popularity of e-commerce and online shopping, the problem of consumers' personal information leakage has become increasingly prominent. The resulting spam text messages, harassing calls, and online fraud threaten our privacy, property, and even personal safety.

According to Article 14 of my country's Consumer Rights Protection Law, consumers have the right to have their personal information protected in accordance with the law when purchasing, using goods and receiving services.

Article 29 stipulates that when operators collect and use consumers' personal information, they shall follow the principles of legality, legitimacy, and necessity, express the purpose, method and scope of information collection and use, and obtain the consent of consumers.

When operators collect and use consumers' personal information, they shall disclose their collection and use rules, and shall not collect and use information in violation of laws, regulations and agreements between the two parties.

Operators and their staff must keep the collected consumer personal information strictly confidential, and must not disclose, sell or illegally provide it to others.

Operators shall take technical measures and other necessary measures to ensure information security and prevent consumers' personal information from being leaked or lost.

When information leakage or loss occurs or may occur, remedial measures shall be taken immediately.

Operators shall not send commercial information to consumers without the consent or request of consumers, or if consumers expressly refuse.

At the same time, Article 50 also stipulates that operators who infringe upon the rights of consumers' personal information to be protected in accordance with the law shall bear the legal responsibility to stop the infringement, restore the reputation, eliminate the impact, make an apology and compensate for the losses.

  Judge reminds:

  According to the above-mentioned laws, operators and staff are obliged to keep the personal information of consumers collected from the website confidential and shall not disclose, sell or illegally provide it to others.

In addition to not actively leaking, operators should also take technical measures and other necessary data security measures to ensure information security and prevent criminals from stealing consumers' personal information.

At the same time, consumers should pay attention, especially when browsing websites, pay attention to protecting personal information, and do not browse unsafe websites.

Because the pages in it may carry viruses, causing the phone to be poisoned.

If they receive a harassing call, consumers can mark the relevant number, pull it into the "blacklist" or report it to the 12321 reporting center, and if it involves a specific industry, they can also report it to the industry competent authority.

Those involved in illegal crimes should report the case to the public security department in a timely manner and earnestly safeguard their legitimate rights and interests.

  (Author: People's Court of Shijingshan District, Beijing)

  Further reading

  Biometric information such as fingerprints and faces are protected by law

  Wang Quanding

  case review

  Mr. Guo entered fingerprints and took photos as required when purchasing a two-person annual card for a certain wild animal world, and kept his personal identification information.

Post-Wildlife World adjusted the identification method of entering the park from fingerprint to face, and sent a text message to Mr. Guo to notify relevant matters, requesting face activation.

Mr. Guo believed that the other party had violated the legitimate rights and interests of consumers by replacing the annual card entry system with face recognition without his consent, so he sued the court.

In the end, the court ruled that Wild Animal World should compensate Mr. Guo for the loss of contract profits and transportation expenses totaling 1,038 yuan, and delete the facial and fingerprint feature information, including photos, that he submitted when applying for the fingerprint annual card.

  Legal Tips

  After the trial, the court held that the text message sent by Wild Animal World had constituted a new offer, and Mr. Guo made it clear that he did not agree to enter the park by face recognition, that is, the offer sent by Wild Animal World in the form of text message was not valid for Mr. Guo.

Wildlife World wants to activate and process the photos it has collected as face recognition information, which exceeds the purpose of prior collection and violates the principle of legitimacy and should be deleted.

  Article 111 of the Civil Code stipulates that the personal information of natural persons shall be protected by law.

If any organization or individual needs to obtain the personal information of others, it shall obtain and ensure the security of the information in accordance with the law, and shall not illegally collect, use, process, or transmit the personal information of others, and shall not illegally buy, sell, provide or disclose the personal information of others.

Article 1034 stipulates that the personal information of natural persons shall be protected by law.

Personal information is a variety of information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, including the natural person's name, date of birth, ID number, biometric information, address, phone number, e-mail, health information, whereabouts information, etc.

The private information in personal information shall be governed by the provisions on privacy rights; if there is no provision, the provisions on the protection of personal information shall be applicable.

  It is worth noting that personal information is not the same as personal privacy.

According to the provisions of the Civil Code, personal information can be collected and used in accordance with the principles of legality, legitimacy, and necessity, but privacy refers to the tranquility of private life of natural persons and the private space, private activities, and private information that others do not want to know about.

The two are different. The right to privacy focuses on protecting the tranquility of citizens' private lives, while personal information distinguishes citizens from others.

  Biometric information such as fingerprints and faces, as sensitive personal information, deeply reflects the physiological and behavioral characteristics of natural persons, and has strong personality attributes. Once leaked or illegally used, it may lead to personal discrimination or unexpected harm to personal and property safety. It should be handled with care and strictly protected.

  Yang Hui (Author: People's Court of Chaoyang District, Beijing)