With the popularity and spread of the mobile Internet, apps have become an indispensable tool for businesses as an important way of interacting with potential customers. At the same time, operating an app engages the laws and regulations on the protection of users' personal information, and a considerable number of violations have been sanctioned by law through administrative penalties or criminal cases.
This issue gives guidance and suggestions on compliance when an app collects user information. Specific cases should be analyzed in combination with their individual circumstances.
01 Principles to be followed
1. Follow the principles of legality, fairness and necessity, and do not collect personal information irrelevant to the services provided;
2. When collecting personal information, display the rules for the collection and use of personal information in an easy-to-understand and concise way, and let the personal information subject choose whether to agree;
3. Do not force users to authorize in a disguised way by means such as default settings, bundling, or stopping installation and use, and do not collect or use personal information in violation of laws and regulations or the agreement with users.
02 Situations of "undisclosed collection and use rules"
1. The App has no privacy policy, or its privacy policy contains no rules for collecting and using personal information;
2. When the App runs for the first time, it does not prompt the user to read the privacy policy and other collection and use rules in an obvious way such as a pop-up window;
3. The privacy policy and other collection and use rules are difficult to access; for example, it takes more than 4 clicks to reach them after entering the main interface of the App;
4. The privacy policy and other collection and use rules are difficult to read, for example because the text is too small and dense, the color is too light or blurry, or no simplified Chinese version is provided.
03 "The purpose, method and scope of collecting and using personal information are not clearly stated"
1. The App (including where it entrusts a third party or embeds third-party code and plug-ins) does not list the purpose, method and scope of collecting and using personal information;
2. When the purpose, method or scope of collecting and using personal information changes, users are not informed in an appropriate way, such as updating the privacy policy and other collection and use rules and reminding users to read them;
3. When requesting permission to collect personal information, or requesting the collection of sensitive personal information such as the user's ID number, bank account number or location trajectory, the user is not informed of the purpose at the same time, or the purpose is unclear and difficult to understand;
4. The collection and use rules are obscure and complicated and difficult for users to understand, for example because they use a large number of technical terms.
04 Situations of "collecting and using personal information without the user's consent"
1. Collecting personal information, or enabling permissions to collect personal information, before obtaining the user's consent;
2. After the user explicitly refuses, still collecting personal information or enabling permissions to collect personal information, or repeatedly asking for the user's consent in a way that interferes with the user's normal use;
3. The personal information actually collected, or the permissions enabled for collecting personal information, exceed the scope authorized by the user;
4. Seeking the user's consent in an implicit way, such as treating the privacy policy as agreed to by default;
5. Changing the permission status for collecting personal information that the user has set, without the user's consent, such as automatically restoring a permission set by the user to its default status when the App is updated;
6. Using the user's personal information and algorithms to push information in a targeted way, without providing the option of non-targeted push;
7. Misleading users into agreeing to the collection of personal information or the enabling of collection permissions by improper means such as fraud or deception, or concealing the real purpose of collecting and using personal information;
8. Failing to provide users with a way and means to withdraw their consent to the collection of personal information.
05 "Collecting personal information unrelated to the services provided in violation of the principle of necessity"
1. The type of personal information collected, or the permissions enabled for collecting personal information, have nothing to do with existing business functions;
2. Refusing to provide business functions because the user does not agree to the collection of unnecessary personal information or the enabling of unnecessary permissions;
3. When a new business function is added, the App collects personal information beyond the scope of the user's original consent, and refuses to provide the original business function if the user disagrees, unless the new business function replaces the original one;
4. The frequency of collecting personal information exceeds the actual needs of business functions;
5. Forcing users to agree to the collection of personal information solely on grounds such as improving service quality, enhancing user experience, targeted push of information or developing new products;
6. Requiring users to agree at one time to enable multiple permissions that can collect personal information, and not allowing the App to be used without consent.
06 Situations of "providing personal information to others without consent"
1. The App client directly provides personal information to a third party without the user's consent and without anonymization, including through third-party code and plug-ins embedded in the client;
2. After data is transmitted to the App's back-end server, the personal information collected is provided to a third party without the user's consent and without anonymization;
3. The App connects to a third-party application and provides personal information to it without the user's consent.
07 "Failure to provide the function of deleting or correcting personal information according to law" / "Failure to publish information such as complaint and reporting methods"
1. The App does not provide effective functions for correcting or deleting personal information or canceling the user account;
2. Unnecessary or unreasonable conditions are set for correcting or deleting personal information or canceling the user account;
3. Although functions such as correcting or deleting personal information and canceling the user account are provided, the App does not respond to the user's operation in time and requires manual handling, and the verification and processing are not completed within the promised time limit (the promised time limit shall not exceed 15 working days; if there is no promised time limit, 15 working days applies);
4. A user's operation to correct or delete personal information or cancel the user account has been executed, but it has not been completed in the App back end;
5. A channel for complaints and reports on personal information security has not been established and published, or complaints are not accepted and handled within the promised time limit (the promised time limit shall not exceed 15 working days; if there is no promised time limit, 15 working days applies).
08 Scope of "necessary personal information"
Necessary personal information refers to the personal information necessary to ensure the normal operation of the basic functions and services of an App; without it, the App cannot provide its basic function services. Specifically, it refers to the personal information of consumers, excluding the personal information of service providers. The range of necessary personal information for common types of apps is as follows:
(1) Map navigation, the basic function service is "location and navigation", and the necessary personal information is: location information, departure place and arrival place.
(2) Online ride-hailing, the basic function services are "online taxi booking service and cruising taxi hailing service", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. The departure place, arrival place, location information and destination of passengers;
3. Payment information such as payment time, payment amount and payment channel (online booking taxi service).
(3) Instant messaging, the basic function service is "providing online instant messaging services such as text, pictures, voice and video", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Account information: the account number and account list of instant messaging contacts.
(5) Online payment, the basic functions and services are "online payment, cash withdrawal, transfer and other functions", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Registered user name, certificate type and number, certificate validity period and bank card number.
(6) Online shopping, the basic function service is "purchase of goods", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Name, address and telephone number of the consignee;
3. Payment information such as payment time, payment amount and payment channel.
(7) Food and beverage take-out, the basic function service is "food and beverage purchase and delivery", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Name, address and telephone number of the consignee;
3. Payment information such as payment time, payment amount and payment channel.
(8) Express delivery, the basic function service is "delivery of mail, parcels, printed matter and other items", and the necessary personal information includes:
1. Identity information, such as sender's name, certificate type and number;
2. The address and telephone number of the sender;
3. The name, address and telephone number of the recipient;
4. Name, nature and quantity of the delivered goods.
(9) Transportation ticketing, the basic function service is "transportation-related ticketing service and itinerary management (such as ticket purchase, ticket change, refund and itinerary management)", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Passenger's name, certificate type and number, and passenger type. Passenger types usually include children, adults, students and so on.
3. Departure, destination, departure time, train number/boat number, seat/cabin class, seat number (if any), license plate number and license plate color (ETC service);
4. Payment information such as payment time, payment amount and payment channel.
(10) Marriage and blind date, the basic function service is "Marriage and blind date", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. The sex, age and marital status of the blind date.
(11) Job recruitment, the basic function service is "exchange of job recruitment information", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Resume provided by the job seeker.
(12) Peer-to-peer lending, the basic function service is "personal loan application service for consumption, daily production and operating turnover, etc.", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Borrower's name, certificate type and number, certificate validity period and bank card number.
(13) Housing rental, the basic function service is "release of personal housing information, housing rental or sale", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Basic information of the house: address, area/apartment type, estimated selling price or rent.
(14) Second-hand car trading, the basic function of the service is "exchange of second-hand car trading information", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Buyer's name, certificate type and number;
3. Seller's name, certificate type and number, vehicle driving license number and vehicle identification number.
(15) Consultation and registration, the basic function service is "online consultation and appointment registration", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. For registration, the patient's name, certificate type and number, and the hospital and department of the appointment; for consultation, a description of the patient's condition.
(16) Tourism services, the basic function service is "release and booking of tourism service product information", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. The travel destination and travel time of the traveler;
3. The traveler's name, certificate type and number, and contact information.
(17) Hotel service, its basic function is "hotel reservation", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Name and contact information of the lodger, check-in and check-out time, and hotel name.
(18) Online games, the basic function service is "providing online game products and services", and the necessary personal information is: the mobile phone number of registered users.
(19) Learning and education, the basic function services are "online tutoring, online classroom, etc.", and the necessary personal information is: the mobile phone number of registered users.
(20) For local life, the basic functional services are "daily life services such as home maintenance, home decoration and second-hand idle goods trading", and the necessary personal information is: the mobile phone number of registered users.
(21) Women's health, the basic functional services are "women's menstrual management, pregnancy and parenting, beauty and body care and other health management services", and the basic functional services can be used without personal information.
(22) Car services, the basic function services are "shared bicycles, shared cars, car rental and other services", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Certificate type and number and driving license information of users of shared car and car rental services;
3. Payment information such as payment time, payment amount and payment channel;
4. Location information of users of shared bicycle and time-sharing car rental services.
(23) Investment and financial management, the basic function service is "stock, futures, fund, bond and other related investment and financial management services", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Name, certificate type and number, validity period and copy of the investment and wealth management user;
3. The fund account, bank card number or payment account number of the investment and wealth management user.
(24) Mobile banking, the basic function service is "bank account management, information inquiry, transfer and remittance services through mobile intelligent terminal devices such as mobile phones", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. User's name, certificate type and number, certificate validity period, copy of certificate, bank card number and mobile phone number reserved by the bank;
3. The payee's name, bank card number and bank information shall be provided for transfer.
(25) Mailbox and cloud disk, the basic function services are "mailbox, cloud disk, etc.", and the necessary personal information is: the mobile phone number of registered users.
(26) Remote conferencing, the basic function service is "providing audio or video conferences over the network", and the necessary personal information is: the mobile phone number of registered users.
(27) Webcast, the basic function service is "providing the public with browsing of real-time video, audio, graphics and other forms of information", and the basic function service can be used without personal information.
(28) Online audio and video, the basic function service is "video and music search and playback", and the basic function service can be used without personal information.
(29) Short video, the basic function service is "search and playback of videos shorter than a certain duration", and the basic function service can be used without personal information.
(30) For news information, the basic function service is "browsing and searching news information", and the basic function service can be used without personal information.
(31) Exercise and fitness, the basic function service is "exercise and fitness training", and the basic function service can be used without personal information.
(32) Browser, whose basic function service is "browsing Internet information resources", can use the basic function service without personal information.
(33) Input method, the basic function service is "input of characters, symbols, etc.", and the basic function service can be used without personal information.
(34) Security management. The basic function services are "killing viruses, cleaning malicious plug-ins, fixing vulnerabilities, etc.", and you can use the basic function services without personal information.
(35) E-books, the basic function service is "e-book search and reading", and the basic function service can be used without personal information.
(36) Photography beautification. Basic functional services include "shooting, beauty, filters, etc." , and you can use basic functional services without personal information.
(37) App store, which has the basic function of "App Search and Download" and can be used without personal information.
(38) Practical tools, the basic function services include "calendar, weather, dictionary translation, calculator, remote control, flashlight, compass, alarm clock, file transfer, file management, wallpaper ringtone, screen capture, recording, document processing, smart home assistant, constellation personality test, etc.", and the basic function services can be used without personal information.
(39) Performance ticketing, the basic function service is "performance ticket purchase", and the necessary personal information includes:
1. Mobile phone number of registered users;
2. Number of performances and seats (if any);
3. Payment information such as payment time, payment amount and payment channel.