Browse the purchase information on the mobile phone, turn around and receive the decoration sales call; When a product is mentioned in the chat, you will receive similar advertising push when you open the shopping app... Similar to the above scene of "being monitored by the app", it is not strange to many people. On November 8, the Ministry of industry and information technology interpreted the notice on carrying out awareness improvement action of information and communication services, pointing out that it is necessary to establish a list of personal information shared with third parties, so that users can know what information the enterprise has collected, where the information will be shared and where it will be used. In the era of Internet and big data, personal information is a valuable digital asset. Protecting the rights and interests of personal information is one of the most direct and realistic interests of the broad masses of the people. In the face of excessive collection, illegal acquisition, illegal trading, disclosure, abuse and other chaos, how to build a "Golden Bell" for personal information security? What changes will be brought about after the implementation of the personal information protection law? How to balance the relationship between the innovation and development of digital economy and the protection of personal information? The reporter interviewed relevant experts. Personal information security issues have been repeatedly exposed, and there are hidden dangers online and offline QQ music collected personal information beyond the scope, and Yaduo used personal information in violation of regulations... On November 3, the Ministry of industry and information technology reported that 38 apps had problems such as exceeding the scope and excessively collecting users' personal information, and required to complete rectification before November 9. The app's over range and high-frequency request for permission and the collection of users' personal information in non service scenarios are the prominent hidden dangers of online personal information protection. The reporter opened the relevant policy description of a music application. In the chapter "how to collect and use personal information", in addition to completing the purposes of registration, login and identity authentication, it also includes the commercial use of some of the collected personal information, such as extracting browsing, searching preferences, location information, pushing personalized advertising, etc, This is also the potential commercial value of personal information in the era of digital economy. Accurate portrait using personal information is conducive to improving the user experience and playing a positive role in the development of digital economy, but it also produces phenomena that infringe on consumers' rights and interests, such as "killing cooked" big data. A special survey conducted by Beijing Consumer Association shows that 88.32% of respondents believe that the phenomenon of "killing cooked" big data is common or very common. "People have obvious feelings about the problem of big data 'killing the ripe'." Huang Daoli, director and researcher of the network security law research center of the Third Research Institute of the Ministry of public security, said that big data "killing the ripe" means that the Internet platform implements price discrimination against users by relying on data advantages and information asymmetry. It is mainly caused by algorithmic pricing, which is typically manifested in that new and old users are treated differently in price. In addition to improper collection and utilization, some enterprises or individuals also put personal information on the trading table and sell personal information at a marked price, which breeds various illegal and criminal activities such as network fraud and telecom fraud, forming a black industrial chain of personal information disclosure, trading and fraud. For example, in a case of infringing on citizens' personal information uncovered by the police in Huai'an, Jiangsu Province, a bank employee sold the identity information, telephone number, balance and even transaction records of the bank card user for profit at the price of 80 yuan to 100 yuan each, involving more than 50000 pieces of personal information; Internal employees of an express company colluded with external criminals to disclose 400000 user personal information, of which about 45000 effective information were packaged and sold to the high incidence area of Telecom fraud at the price of 1 yuan each. The violation of personal information is not limited to online, but there are also hidden dangers offline, especially the collection and utilization of biological data such as face, fingerprint and iris. In addition to actively "brushing your face" to obtain convenience in scenarios such as station ticket check-in and mobile payment, there is also the risk of passive "brushing your face" without knowing it. Some stores use "insensitive" face recognition technology to collect consumers' face information without consent. On October 29, the people's Court of Shangcheng District, Hangzhou City, Zhejiang Province accepted a case of consumers suing shopping malls for face capture. When a college student was shopping in a shopping mall in Hangzhou, he found that a face recognition capture camera was installed outside a store. As long as consumers arrive at the store, they will be automatically captured and registered as members, and businesses conduct precision marketing by combining face information with consumer behavior analysis. In addition, sellers publicly sell face recognition videos and buy and sell face information on social platforms. Due to the disclosure of identity information such as face information, many problems such as "being loaned" and infringement of privacy and reputation rights occur. According to the public research report on face recognition application (2020) released by the app special governance working group established by the National Information Security Standardization Technical Committee, 30% of the more than 20000 respondents said that they had suffered privacy or property losses due to the disclosure and abuse of face information. "Notification consent" is the core rule of the personal information protection law, and the collection of personal information should be limited to the minimum range to achieve the purpose of processing On November 1, China's first special law on personal information protection, the personal information protection law, was officially implemented. "This is an indispensable basic legislation for China in the digital age, which meets the legislative needs related to everyone's most direct and realistic interests." long Weiqiu, Dean of the Law School of Beijing University of Aeronautics and Astronautics, told reporters that personal information is a new and fundamental important personal interest that has begun to highlight in the network information age, Its value can be demonstrated through data mining and commercial applications. The relationship between personal information protection and digital development is becoming more and more complex, especially the unauthorized personal information processing and increasingly abusive behavior, which has become a pain point to be solved urgently. "Notification consent" is the core rule of personal information protection established by the personal information protection law. "The personal information protection law makes it clear that the processing of personal information should have a clear and reasonable purpose, be directly related to the processing purpose, and adopt a method that has the least impact on personal rights and interests. The collection of personal information should be limited to the minimum scope to achieve the processing purpose," said Yang Heqing, deputy director of the economic law office of the law working committee of the Standing Committee of the National People's Congress, The personal information processor may process personal information only after obtaining personal consent. In case of any change in important matters of personal information processing, it shall re inform the individual and obtain consent. In the full text of the personal information protection law, the word "inform" appears 16 times and the word "agree" appears 27 times. "The 'inform consent' rule is an inevitable requirement for an individual to have the right to know and decide on personal information processing. To ensure that an individual has' full knowledge 'of information processing, it should let an individual know who is processing his information, how the information is processed, what impact it may have on him, and how to request correction, query and deletion in a significant way and in a clear and understandable language People, information, etc. "said Liu Rui, Professor of the political science and Law Department of the Central Party School (National Academy of administration). "Consent" is not general. The personal information protection law clearly stipulates two consent mechanisms, one is broad consent, and the other is individual consent. For example, the law stipulates that personal information processors shall obtain the individual's separate consent when dealing with sensitive personal information, providing or disclosing personal information to others, cross-border transfer of personal information, etc. "The importance of personal information to the subject is different, some are sensitive information, some are private information, and some are general information. Therefore, the intensity of notification and the way and clarity of consent are also different." Zhang Xinbao, Professor of Law School of Renmin University of China and vice president of Internet information Law Research Society of China law society, said that the personal information protection law This is distinguished in detail. The personal information protection law also made a clear response to the strong complaints from the masses, such as compulsory claims, inability to use app without consent, excessive collection of user information, and "killing" of big data. For example, Article 24 of the law directly refers to the "ripening" of big data, which is conducive to regulating the application of emerging information technologies such as artificial intelligence in the field of personal information processing: personal information processors should ensure the transparency of decision-making and the fairness and impartiality of the results, No unreasonable differential treatment shall be given to individuals in terms of transaction prices and other transaction conditions. "The problem of personal information protection is often wrapped in the cloak of technology neutrality, and even black boxed by operating systems such as algorithms." long Weiqiu said that the essence of personal information processing activity is a kind of science and technology application activity, which is different from general behavior governance, and science and technology governance must be carried out. The personal information protection law establishes a strong regulatory system and goes deep into the level of technology governance. The ultimate goal is to make technology develop better. The abuse of users' personal information stems from the excessive collection of personal information, and the "gatekeeper" Regulations force Internet enterprises to standardize their behavior "We have added a personal information browsing and export mechanism for you, set up a system permission and application authorization management portal, added a personalized recommendation management approach, and disclosed in more detail how wechat handles your personal information." recently, wechat and other apps sent similar notices to users. "Apple is ready for the personal information protection act." Apple also promised to "ensure that users can understand, obtain and correct their personal data, restrict the use of personal data, and delete these data." The legal affairs of an Internet company said, "in order to comply with the personal information protection law, the legal affairs of various Internet enterprises are working overtime. In the face of detailed regulations, there are too many places that need to be changed". Behind the abuse of users' personal information, it actually starts from the excessive collection of personal information. Liu Dian, associate researcher of China Research Institute of Fudan University, told reporters, "for platform enterprises, user information data is an important asset with commercial value, which is also based on the characteristics of platform economy - it depends on the formation of network effect by a large user group." Taking Alibaba as an example, users' consumption records on Taobao are analyzed through algorithms to form personal credit approval, which then gave birth to Huabai and other financial products. "From information collection, processing to value transformation, it is a complete data value chain. Based on this business logic, many Internet companies tend to collect more personal information and form data as widely as possible. This is the reason for over collection," Liu Dian said. In contrast, the business models of the consumer Internet industry are almost all based on consumer data based on personal information. Making profits by advertising is also the basis of many free apps. By collecting information to "portrait" users, the core data is often highly related to the partial privacy information in personal information. Risks follow. After all, after the data is collected, its specific application scenarios are difficult to predict. The people cry and the law responds. Article 58 of the personal information protection law further improves the "gatekeeper clause": first, the provision of basic Internet platform services is modified to provide important Internet platform services; Second, in the first item, the obligation to establish and improve the compliance system of personal information protection in accordance with national regulations is supplemented; Third, a separate gatekeeper obligation is added, that is, to follow the principles of openness, fairness and impartiality, formulate platform rules, and clarify the norms and guarantees for the processing of personal information by product or service providers in the platform