The old problems such as "streaking" and excessive claims on APP have not been solved, and new problems brought by face recognition have come again

New and old problems overlap, personal information protection faces new challenges

  Reading tips

  Issues such as privacy leakage of express delivery orders, excessive claims of APPs, and illegal use of personal information are still outstanding, and the issue of facial information leakage is coming again. Industry insiders believe that the superposition of new and old issues makes personal information protection face new challenges. Therefore, we must make great efforts to solve the outstanding problems faced by the protection of personal information, and guard the security of personal information.

  "Today, when the real-name system of express delivery is fully popularized, the implementation of the express privacy form is not ideal, which provides convenience for online fraud and mass harassment text messages. Especially during the epidemic, a large number of elderly people at home who have resisted the epidemic also learned to shop online Once the information is leaked, it is easy to be targeted by criminals." A few days ago, China Post Group Co., Ltd. Shanghai Post District Central Bureau Receiver Chai Xuanxuan told reporters that some apps excessively claim rights and illegally collect and use personal information. Very prominent.

  The old problems such as the "streaking" of express delivery and excessive claims on APP have not been solved, and new problems brought by new technologies such as face recognition are coming again. In April this year, the Network Security Brigade of the Suyu Branch of the Public Security Bureau of Suqian City, Jiangsu Province conducted an on-site supervision and inspection of a fitness center in accordance with the requirements of the "Internet Security Supervision and Inspection Regulations of Public Security Organs". The survey found that this fitness center has 5 stores and collected personal information such as face photos of more than 20,000 members.

  This year’s work report of the Standing Committee of the National People’s Congress mentioned that biosafety laws and personal information protection laws have been formulated around national security and social governance. In the opinion of some industry insiders, the superposition of new and old issues makes personal information protection face new challenges. Therefore, the promulgation of the Personal Information Protection Law is expected to solve the outstanding problems faced by the protection of personal information, and keep the personal information security line of defense.

Problems of personal information protection during the epidemic

  During the investigation, Chai Shanxun found that during the epidemic, couriers could not enter the community, and many courier brothers "street stalls" at the door of the community. Because many couriers did not use privacy sheets, citizens who came to express can easily see other citizens information.

  In addition to courier delivery, Chai Sanxun also found that some apps excessively claim rights, illegally collect and use personal information and other issues also highlighted during the epidemic.

  The reporter noticed that in April this year, due to non-compliance with suspected violations of user privacy, more than 20 kinds of fresh food delivery, medical and online education mobile applications such as Ding-Dong Express and Dr. Chun Yu were notified by the National Computer Virus Emergency Response Center. , And carry out the rectification under the shelf.

  Che Jie, Vice President of Jiangsu Lawyers Association pointed out that for government departments and grassroots self-government organizations and other relevant entities (Internet companies, hospitals, supermarkets, pharmacies, buses, rentals, properties, schools, etc.) for the needs of epidemic prevention and control, collect The rules for using, storing, transmitting, and destroying personal information have not yet been introduced. There is a risk of improper disclosure and use of personal information, which requires attention.

"Face" brings new personal information protection problems

  During the epidemic prevention and control period, some communities introduced the "Face Recognition Access Control System", which ensured the safety of personnel and the accuracy of information, while also greatly saving the cost of personnel in the community and the property, and ensuring the efficiency of access. However, this move also brings the risk of "face" information leakage.

  In March of this year, many media reported that some illegal merchants were selling more than 100,000 face photos wearing masks on the Internet. These photos are 0.2 yuan each and there are discounts for 100,000 or more. Among them, some people take facial photos when they go to work to check in or enter or exit the gate.

  In response to the recent "face-washing" trend, Tan Jianfeng, chairman of the Shanghai Information Security Industry Association, is cautious. "Why is face recognition insecure? It's not that the technology itself is insecure, the technology is only auxiliary, and the more important thing is whether the supervision is in place and the security protection is perfect." In Tan Jianfeng's view, many Internet companies focus on the development of security rather than security. Construction of light protection. According to the relevant provisions of the National Cybersecurity Law, whoever collects the data is responsible, but there are not many platforms that can do it now.

  "Biometric data is unique and non-renewable. Facial features and fingerprints cannot be changed. It is impossible to achieve it by the simple way of changing the password. This is the most critical difference between biometric data and traditional authentication data." Tan Jianfeng said.

Put a "protective suit" on personal information

  "Due to the leakage of personal information, users may be harassed by sales calls, spam messages, spam, and even fraudulent calls, which will not only cause inconvenience to the infringer’s personal life, but may also cause substantial physical and mental damage, so they should be personal Put a piece of'protective clothing' on the information." Chai Xuanxuan said that from the postal express industry, government departments should strengthen the supervision of the internal information operation of express companies, and increase efforts to promote the use of private face-to-face technology for express companies.

  "At present, China has not yet formulated a special law on the protection of personal information. Personal information protection is composed of specific laws, administrative regulations, local regulations, various regulatory documents and departmental regulations. The content is scattered and unstructured. Therefore, to accelerate Promoting the legislative process of the Personal Information Protection Law is of great significance for the current overall planning for epidemic prevention and control, economic and social development, and strengthening personal information protection." Chi Rida, vice chairman of the All China Lawyers Association, told reporters.

  In view of the risk of leakage of personal information collected during epidemic prevention and control, Che Jie suggested that when the purpose of collecting information has been achieved (such as when epidemic prevention and control work is no longer needed), the retention period of personal information that has been collected and used should be analyzed Restrictions, and at the same time meet the needs of monitoring and early warning and inventory data protection in the later stage of the epidemic. The personal information shall be deleted, cleaned up or at least desensitized, to avoid abuse of non-epidemic prevention and control.

  Regarding the risk of personal information leakage caused by "face-washing", Tan Jianfeng pointed out that whether it is an individual user or an enterprise, the collection of biometric data must follow strict security policies and requirements. For example, try to reduce the usage scenarios of biometric data, delete unnecessary biometric data in time, and avoid centralized data storage. Units that do not have a high level of security or cannot provide users with security protection cannot collect biometric data.

  Our reporter Yang Zhaokui Wang Qun Zhao Jianying