Experts call for overweight personal privacy protection to establish data lifecycle management
A few days ago, my country's first "DES-CSI Evaluation Research Report on China's Digital Economy Service Quality Satisfaction" was published to evaluate the quality of digital economy services from the perspective of consumers. The report shows that 61.3% of consumers believe that there is still much room for improvement in the current laws and regulations related to digital economic services and the protection of personal privacy and security, mainly reflected in the protection of personal privacy and security in the instant messaging service format.
Data is an asset and the value of data is already a social consensus. At the same time, the controversy accompanying the excessive collection of information and the collection without the consent of users has also been around for a long time.
According to the prompt of the national recommended standard "Information Security Technology Personal Information Security Specification", the collection of users' personal information should have a clear purpose, and no additional information should be collected beyond the purpose related to product functions. But in real life, users often have little "no comment" freedom when facing various apps that cannot be discarded.
“Considering the diverse types of apps, industry authorities can publish guidelines and other methods to specify the scope of information collection for typed business scenarios. Clear authority and detailed management.” Executive Director of the International Center for the Rule of Law of the Network, Beijing Normal University, Research Center of the China Internet Association Secretary-General Wu Shenkuo said that, according to the "Basic Specifications for Collecting Personal Information (Mobile) of Information Security Technology Mobile Internet Applications (Apps)" issued by the National Information Security Standardization Technical Committee, personal credit information must be queried by users; financial lending apps Can collect emergency contact information, but only two people; App should allow users to manually enter contact information, rather than force reading the address book.
For the highest level of biometric information, the protection level should naturally be the highest level. Biometrics, especially face, fingerprint, iris, palm veins, voiceprint, gait shape, and genes, are widely used in smart products and also expose serious security issues. Biometric information cannot be changed. Once leaked, individuals may be exposed to the risk of being attacked and harassed for life. Therefore, some people in the industry believe that all kinds of subjects involved in the whole life cycle of data should be clearly identified, and various acts of illegal use of data such as theft, abuse, tampering, and disclosure should be severely cracked down.
"For the entire life cycle of data processing, it is the core of standardized data governance to clarify the rights and obligations of the parties involved. The key point is to achieve a reasonable balance of personal rights, industrial interests and social and national interests in specific scenarios. At present, all sectors of society The most urgent need is the construction and implementation of the data transfer rule system." Wu Shenkuo explained.
In addition, Baidu Chairman Li Yanhong also believes that for personal information collected during special time periods, an exit mechanism can be established, and the standardized management of collected data can be strengthened. Research and development of standards and standards for the collection, storage and use of personal information of citizens during special periods specification.