Fined 50 million yuan! What personal information has CNKI illegally collected? What are the hazards?
Yesterday, the State Internet Information Office announced that CNKI had committed multiple violations, such as collecting personal information in violation of the principle of necessity and collecting personal information without consent. It ordered CNKI to stop its illegal processing of personal information and imposed a fine of 50 million yuan. Why has CNKI continued to collect personal information in violation of regulations in the two years since the Personal Information Protection Law of the People's Republic of China came into effect? What harm does the illegal collection of personal information cause?
14 apps under CNKI have engaged in illegal activities
On the 6th, the National Cyberspace Administration issued a document stating that 14 apps under CNKI, including Mobile CNKI and CNKI Reading, have engaged in illegal activities such as collecting personal information in violation of the principle of necessity, collecting personal information without consent, not disclosing or explicitly stating their collection and use rules, not providing an account cancellation function, and not deleting users' personal information in a timely manner after users cancel their accounts.
In June 2022, the National Cyberspace Administration announced the launch of a cybersecurity review on CNKI. It is reported that CNKI has access to a large amount of personal information and important data related to key industries such as national defense, industry, telecommunications, transportation, natural resources, health, finance, as well as sensitive information on major projects, important scientific and technological achievements, and key technological developments in China.
Industry insiders say that CNKI is easily targeted by foreign hacker organizations, and relevant institutions conduct network security reviews to ensure network and data security, thereby maintaining national security. Guo Bing, Vice Dean of the Data Rule of Law Research Institute at Zhejiang University of Technology, stated that cybersecurity review focuses on national security and also examines issues related to personal information protection.
"There are relevant rules for the protection of personal information in the Cybersecurity Law. The Personal Information Protection Law, which came into effect in November 2021, has been more detailed in its rule design, strictly limiting the scope, processing methods, and retention period of personal information collection. The collection of personal information should be limited to the minimum scope for achieving processing purposes."
Guo Bing explained that the Personal Information Protection Law emphasizes that platforms cannot excessively collect personal information unrelated to their services. "Because the platform may abuse excessively collected information, and even use it illegally, this not only infringes on personal rights but also poses some uncertain risks."
Illegal collection of personal information such as IP addresses and browser types
![Fined 50 million yuan! What personal information has CNKI illegally collected? What are the hazards?](https://a5qu.com/upload/images/caee0a45424dfb4f4a78c7bf4edde1e8.png)
What hazards will it bring?
In the September 2022 privacy policy of Mobile CNKI, the reporter found that the log information section clearly states that when a user visits the Mobile CNKI platform or uses the Mobile CNKI service, the system may automatically receive and collect information from the user's browser and computer, including IP address, browser type, search history, browsing history, access date and time, telecommunications operator, etc. In the privacy policy updated on July 28th this year, the log information section no longer mentions the collection of information such as browser type, IP address, and telecommunications operator.
On the left is the privacy policy for CNKI in September 2022, and on the right is the updated version on July 28th.
Li Yongjian, director of the Internet Economy Research Office of the Institute of Financial Strategy, Chinese Academy of Social Sciences, believes that the user browser information collected by CNKI has nothing to do with the services it provides. "These platform companies used to believe that collecting information was legal as long as it was explained in the privacy agreement. According to survey data, 97% of people agreed to use the app without looking at the privacy agreement. Therefore, a large number of companies used this mentality to hide many traps in the privacy agreement."
Li Yongjian stated that the illegal collection of personal information poses an incalculable threat to personal privacy and even personal and property security:
The platform may use personal information collected for one business in other businesses, which may result in the leakage of personal information and cause significant harm to individuals;
Many companies that collect information do not have sufficient information protection capabilities, and the stored information is easily breached by hackers or other criminals;
The platform may use the collected information for big data analysis, infringing on consumer rights.
![Fined 50 million yuan! What personal information has CNKI illegally collected? What are the hazards?](https://a5qu.com/upload/images/64f39873d51173fbcbd493ffcdea515d.jpg)
Expert: Platform enterprises should strictly comply with the Personal Information Protection Law
Yesterday, CNKI issued a statement stating that it will comprehensively carry out rectification work and further strengthen various construction projects such as network security, data security, and personal information protection.
Previously, CNKI was criticized for charging high fees to readers but not rewarding authors. In December 2022, the State Administration for Market Regulation fined CNKI a total of 87.6 million yuan in accordance with the law for abusing its dominant market position through illegal acts such as unfairly high prices and restricted transactions. Within less than a year, CNKI was fined over 130 million yuan.
It is understood that those who seriously violate the Personal Information Protection Law shall be fined not more than 50 million yuan or not more than 5% of the previous year's revenue. Previously, Didi Company was fined 8.026 billion yuan for violating laws and regulations such as the Cybersecurity Law and the Personal Information Protection Law.
Guo Bing, Vice Dean of the Data Rule of Law Research Institute at Zhejiang University of Technology, stated that platform enterprises should strictly fulfill their compliance obligations determined by the Personal Information Protection Law. "Once punished, the cost of violating the law is still relatively high, so do not hold a mentality of luck."