What should I do with user data after Tianya Community suspends access?

Properly handle data and protect network memory

Internet platforms should respect users' data autonomy and provide users with channels and mechanisms for processing personal data; The platform also needs to strengthen the protection of user data and take necessary measures to ensure the security and privacy of user data to fully protect the legitimate rights and interests of users.

On May 5, the "Tianya Community" official micro issued an announcement in response to the recent suspension of access to services. This announcement is particularly concerned about the safe preservation of hundreds of millions of user data for more than 27 years.

"Tianya community" is not an isolated case, with the development and popularization of Internet technology, more and more people will leave massive data on the Internet. However, is it necessary for Internet platforms to keep all the data of users? Is user data a "chicken rib" or a "treasure"? Opinions on these issues are currently divided.

It is not necessary to save all data

Where is the vast amount of personal data generated by users surfing the Internet every day stored?

"Influenced by existing communication technologies and the characteristics of network services, Internet platforms usually store users' information and activity records in digital form in servers or cloud storage devices." Liu Xiulong, a professor in the Department of Intelligence and Computing at Tianjin University, believes that although data information can help generate a good user experience and promote enterprise revenue, it is not necessary to save all the user data of the Internet platform.

First of all, from the perspective of information security, user data includes personal privacy information such as name, address, and contact information, and these sensitive data may be threatened by hacker attacks, data leakage, and abuse. "The platform should follow the principle of privacy protection, save only necessary information, avoid abuse or leakage of users' personal privacy, and reduce potential data risks to ensure users' data security." Liu Xiulong said.

Second, redundant data affects platform efficiency and query speed. If a platform holds a lot of duplicate information or outdated records, it will need to process more data volumes when querying and processing data, which will lead to slow and inefficient systems. Redundant data can also lead to confusion and errors. If the same data is repeatedly stored in different locations, when the data needs to be updated or modified, multiple copies need to be modified at the same time, which is likely to lead to data inconsistency.

Finally, storing large amounts of user data requires huge storage and maintenance costs. User data storage requires appropriate hardware devices and storage space. As the amount of data increases, the platform needs to continuously expand the storage device, which will bring corresponding costs; To ensure data security, platforms need to invest money to take various security measures; Saving user data also requires a dedicated person.

Liu Xiulong said that without a clear need, saving all user data will be an expensive task.

"In addition to the above factors, the retention period and scope of user information by Internet platforms is itself a complex issue." Tong Xinyu, an associate researcher in the Department of Intelligence and Computing at Tianjin University, said that specifically, platforms need to comprehensively consider users' intentions, laws and regulations and privacy policies to determine the duration and scope of data retention.

Privacy and security are important considerations. For example, the Regulations on the Administration of Network Data Security (Draft for Comments) (hereinafter referred to as the "Administrative Regulations") states that the processing of sensitive personal information such as personal biometrics, religious beliefs, specific identities, medical health, financial accounts, and whereabouts should be subject to the individual's separate consent. Therefore, Internet platforms cannot save all types of data of users at will.

Laws and regulations have clear requirements for the storage of user data. Different countries and regions also have different regulations on the retention period and scope of user data. For example, the General Data Protection Regulation in Europe stipulates specific requirements for the collection, processing and storage of user data. Internet platforms need to comply with appropriate laws and regulations to ensure compliance, and must not store user data indefinitely.

Business needs and data value also need to be considered. Internet platforms have important business value by analyzing user data to provide personalized services and accurate recommendations. In addition, over time, users' information and behavior may change, and some of the data that is not up to date will be greatly devalued.

User backup and recovery requirements should be handled reasonably

After the "Tianya Community" released the news of suspending access to the service, the most concerned thing was the issue of safe storage of user data. What should the network service provider do with the user's large amount of data when it stops the service?

"For internet platforms, the security of user data is paramount." Liu Xiulong introduced that according to the "Administrative Regulations", if the service is terminated or the individual cancels the account, the data processor shall delete the personal information or anonymize it within 15 working days. Therefore, most Internet platforms that are no longer operating often adopt the method of deleting personal information for user data.

There are two main ways to deal with it. Liu Xiulong said that regardless of the processing method, the Internet platform needs to reasonably handle the backup and recovery needs of users and ensure that user data can be completely and safely deleted or destroyed. If user data is not properly handled, the Internet platform will face the risk of potential legal action or regulatory investigation; The leakage of user data information will also cause public opinion risks.

"For example, when the service is stopped, users can export a copy of their personal information in machine-readable means such as forms or URLs, and this information needs to be transmitted to third-party applications according to the user's instructions." For example, Liu Xiulong said that these practices help users retain their personal information for use in other services after the network service is stopped.

However, for Internet platforms that have ceased to operate, the huge cost of continuing to store users' private information is an important issue.

Liu Xiulong said that in order to improve the privacy and security of users, Internet companies often need to strengthen technology and improve management measures, formulate perfect privacy policies and user agreements, but this requires a large cost.

For normal operating Internet companies, the balance between storage cost and cost performance needs to be considered to ensure that the storage and use of data can bring reasonable economic benefits. For defunct internet companies, the cost and value of storing data also need to be evaluated to decide when to stop storing and maintaining data.

Policies and technologies make efforts to safeguard data security

Tong Xinyu believes that users should enjoy the right to decide independently whether to save personal data on Internet platforms.

According to China's Personal Information Protection Law, the collection, use, storage, processing, transmission and disclosure of personal information must follow the principles of legality, propriety and necessity, and ensure the security of personal information. Based on this, Internet platforms should provide users with more detailed data permission settings, including allowing users to decide whether to save their personal data.

"User data has commercial value, and the platform can realize the design of user portraits and recommendation algorithms based on data." Tong Xinyu said that users have ownership and control over personal data, and the platform should respect the user's wishes when processing data, follow the user's choice, and not use or circulate this data privately to protect the user's rights and interests and the security of the data.

When the platform goes down or stops serving, the data may not be saved, and it is difficult to restore and reproduce it later.

"The personal data saved by users on the Internet platform is not only an identification of their identity, but also a sustenance for their emotions, with privacy and sensitivity. The suspension of the platform service will cause inconvenience and loss to the user. Liu Xiulong believes that users should have the right to make independent decisions about their personal data, including whether to store, how to use it, and when to delete it.

From the perspective of national policies, internet platforms should respect users' data autonomy and provide users with channels and mechanisms for processing personal data; The platform also needs to strengthen the protection of user data and take necessary measures to ensure the security and privacy of user data to fully protect the legitimate rights and interests of users.

At the same time, as data processors, Internet companies also have the responsibility and obligation to protect the security of user data, which is not only a requirement of the law, but also a need to protect their own reputation and competitiveness.

"If we want Internet platforms to better protect the security of user data, we can mainly focus on policy and technology." Liu Xiulong believes.

In terms of policy, the government should formulate relevant regulations to require enterprise platforms to protect users' data rights and interests and prevent risks such as data leakage, abuse and infringement. At present, China has promulgated the Cybersecurity Law, the Personal Information Protection Law, the Data Security Law and other relevant laws, which clearly stipulate and supervise the data management activities of Internet platforms.

Internet platforms can also rely on the guidance of the government to build industry alliances and jointly formulate industry standards and norms, which can not only promote exchanges and cooperation between enterprise platforms in technology and business, but also jointly improve the level of data security and respond to crises such as cyber attacks and data leaks.

In terms of technology, computer security technology is one of the key means to ensure the security of user data. Among them, blockchain technology can ensure the security and credibility of data by storing data on distributed nodes and using cryptographic technology for encryption and verification. At the same time, due to the decentralized nature of blockchain, problems such as single points of failure and data leakage can be avoided. Therefore, blockchain technology is currently considered to be a very suitable technology for ensuring data security.

Liu Xiulong said that saving user data and ensuring its security is inseparable from multi-party collaboration and efforts. The platform should strengthen internal management, establish a sound data management mechanism, strengthen security audits and bug fixes, comply with relevant laws and regulations, and improve legal compliance awareness. At the same time, governments and industry associations should also strengthen the supervision and guidance of Internet platforms, promote the construction of safe, credible and controllable digital ecological environments on Internet platforms, and provide better guarantees for the security of user data. (Science and Technology Daily reporter Chen Xi)