Be collected, shared, used Who moved my “network trace”


Xinhua news agency, Hangzhou, June 17: collected, shared, used Who moved my “network trace”?
Reporter Wu Shuai and Zhang Xuan from Xinhua perspective of Xinhua News Agency
Recently, iqiyi was accused of “violating privacy” after losing the case of “advanced on demand”: it submitted the film viewing record of the plaintiff user Mr. Wu in the trial of the case, which was publicly questioned by the parties.
Movie watching record, taxi track, search record, shopping list People’s activities in cyberspace are more and more frequent. Every screen stay and fingertip operation will be stored as a “trace” of data form. The vast “network trace” concerns the privacy of users. How to protect it?
Who is using my “network record”?
“They took out my movie watching record in the court, nearly 100 pages, and felt that privacy was violated.” Mr. Wu, the plaintiff, recently questioned in his personal microblog platform.
In response, iqiyi’s official Weibo replied that all information submitted in the “advanced on demand” case was based on relevant laws and litigation needs, and applied for non-public cross examination to ensure that the information would not flow to third parties.
The reporter contacted Mr. Wu, the Party of the case. In his opinion, the platform should strictly follow the law in collecting, viewing and using personal information, “if there is no investigation order from the public security organ or the court, nor my consent, it is an infringement.”
Gao Yandong, director of the Internet law research center of Guanghua law school, Zhejiang University, said that personal viewing records are citizens’ personal information, including personal preferences, action information, behavior trajectory, etc., which can be combined with other information to identify specific natural persons. The consent of the natural person or his guardian shall be obtained for the processing of personal information.
In fact, many people have the same experience of being infringed in real life. Ms. Chen, a resident of Hangzhou, said that she had browsed on a marriage platform before receiving promotional messages from different platforms and institutions. What makes Ms. Chen unable to let go is that just because she “browsed” this action, she has become the target of precision marketing for some enterprises.
The reporter looked up the major complaint platforms and found that many users questioned that some network platforms collected “network traces” personalized push. Some users complain that on platforms such as marriage and loan, as long as there are browsing records, they will receive sales calls soon.
In 2019, technology self media tested a news app, and found that behind personalized push, it may be the collection and analysis of in app data, including user subscription channels, tags and other in app data, as well as user login through social accounts, user browser bookmarks and other out of app data.
Excessive collection of “network traces” suspected of infringement
“Network trace”, also known as “digital footprint”, refers to the behavior records left by users after Internet space activities, including public posts, status, etc., as well as data recorded by local or cloud servers. Different from personal ID card number, mobile phone number and other privacy information, many “network traces” will be collected for commercial use.
A person in the industry said that at present, the common practice of some large Internet enterprises is to distribute information desensitized to artificial intelligence algorithm, and finally form user preference analysis, so as to achieve the business purpose of accurate push.
The reporter looked up the relevant terms of the user privacy agreement of many popular apps and found that almost all of them mentioned that they would make commercial use of some of the collected information, most of which were used for user personalized services, push information, advertising, etc. From agreement authorization to commercial utilization, the process of using user’s “network trace” has the suspicion of infringement and security risk.
——Don’t use it if you don’t agree. The app privacy agreement becomes the overlord clause. Many users have had such experience that the newly downloaded app is not available if it is not authorized, and authorization to collect information has become a precondition. According to the interviewee in the legal field, some app developers directly regard the collection, viewing and use of all the behavior records on the app authorized by users as the precondition for normal use of the app, which is suspected of being overbearing.
——The second transfer, the “network trace” faces multiple sharing. “Why do traces of my browsing on this platform become push clues of another platform?” It is not difficult to read the privacy protocols of some platforms. Some platforms stipulate that users’ behavior data can be shared and transmitted conditionally. Xu Chao, an expert in network security technology, believes that there is no clear standard for the extent to which the shared data is used and whether it is properly kept. There may be risks such as excessive collection, secondary transfer and server attack.
——Personal behavior data has commercial value, but users have no property rights and interests. According to Gan Haibin, a lawyer from Beijing Yingke (Hangzhou) law firm, most Internet platforms agree that users of network accounts have only the right to use, but the right to use platform accounts can also be regarded as virtual property. With the increasing use of behavioral data, behavioral data will become more and more valuable.
How to regulate “the person in charge of the key”?
According to Gan Haibin, the Internet platform is “the person in charge of the key”, and the relevant provisions of the user’s privacy rights are conducive to the company’s commercial use, so it is necessary to clarify the boundary between the commercial use of Internet enterprises and data protection.
Gao Yandong believes that as long as the data collection subject has commercial purposes, it must follow the four principles of legitimacy, legality, necessity and consent, and the scope of information collection should be kept to a minimum.
According to the user’s “network trace”, Gao Yandong suggested that the data can be classified, protected and managed. The first is to strictly protect sensitive “traces”, such as trace information; the second is to negotiate the use of general information, the user agrees to authorize, and after de identification processing, the platform can provide personalized push and service accordingly.
Some people in the legal circle believe that in reality, due to the reasons that it is difficult for individual users to provide evidence and so on, in the face of the difficulties of excessive collection and use of “network traces” by platforms and developers, it is necessary to accelerate the promotion of special legislation such as personal information protection law.
Network security experts said that enterprises should consciously standardize information security protection, do necessary desensitization, encryption and other technical processing for information, especially in the process of data transmission and sharing, using “homomorphic encryption” and other technologies to properly protect users’ network traces. At the same time, relevant departments should strengthen the means of technical supervision and investigate and deal with the illegal behaviors such as abusing data and information on the “key in hand” platform.