Media: Small and micro consumption scenarios cannot become blind spots for information protection. One cup of milk tea generates 87 pieces of data. Information security | consumption | information
Buying a cup of milk tea may not be a big deal, but it reflects the issues of consumer behavior and information security in certain scenarios, which should be given sufficient attention. How to strip sensitive information from massive personal information and make good use of other available information is of great significance for the development of the information industry, balancing the relationship between technology and information application and user rights, and improving people's lives and consumption experience.
According to a report from Pengpai News Network, the Shanghai Cyberspace Administration recently found that a well-known chain milk tea brand can generate 87 pieces of data for every order received. As of March this year, it has accumulated over 10 billion pieces of data, including 670 million sensitive personal information such as consumer names, phone numbers, and shipping address latitude. On June 16th, Shanghai launched the "Bright Sword Pujiang · Consumer Personal Information Rights Protection Special Law Enforcement Action", focusing on key consumption areas such as restaurants and parking QR codes, and carrying out centralized rectification of illegal behaviors such as "excessive collection, forced collection, inducement, and illegal use" of personal information.
Buying one cup of milk tea generated 87 data points, which surprised the public. Among these data information, some are core sensitive information that the public is very concerned about, such as name, phone number, address latitude and longitude, etc. In addition, there is also a lot of information that appears to have no obvious harm to individuals but has commercial value for market research and predicting consumption trends in related industries, such as consumption records, taste preferences, IP addresses, phone models, etc.
In recent years, life services in many cities have become increasingly intelligent, with online operations and QR code transactions visible everywhere. From downloading and using apps in app stores, to ordering and paying for meals in restaurants, parking and fees, it can even be said that wherever there is a usage scenario for mobile phones, there may be phenomena such as excessive claims, forced attention, and technological capture of user information. The defense line for protecting personal information is facing increasingly severe challenges.
The excessive collection and illegal use of personal information is primarily due to the unequal status of both parties involved in the transaction or service. In situations where there is "no agreement or authorization to proceed to the next step", "no location information provided, no ordering", and other "voluntary" situations, excessive claims and other actions become shameless; Secondly, the widespread use of professional technical means has led the public into a situation of "naked running" of personal information without realizing it; At the same time, commercial impulses have made collecting and selling personal information a business. Some companies use technological means to illegally steal personal information, while others resell the collected personal information to third-party data agencies. In addition, many ordinary people are not sensitive to personal information security issues, which to some extent provides opportunities for those with ulterior motives to take advantage of.
The harm of running naked with personal information is serious. In recent years, there have been numerous cases of accurate profiling based on personal consumption habits and other factors, which have led to telecommunications fraud, online violence, and harassment of information. More seriously, it may also pose a potential threat to the personal safety of citizens and even national security.
The case of buying one cup of milk tea and generating 87 pieces of data reminds us that even the smallest amount of electronic transactions may be related to data security issues. We need to gather broader consensus and jointly face and explore measures to address it.
At present, China's Cybersecurity Law, Data Security Law, and Personal Information Protection Law have made authoritative regulations on personal information protection, and have also provided clear responses to some key issues. For example, in the collection of personal information, the principles of "informed, consent, and minimum necessity" have been established. However, the technology and refinement of personal information collection are gradually improving. How can relevant laws and regulations be quickly followed up and more accurately regulated? The prospects and practical needs for the resource and commercial application of personal information are becoming increasingly apparent. How can the protection and utilization of personal information be "each with its own advantages and disadvantages"?
In the long run, the protection of personal information is not to isolate information data from the Internet economy, but to explore how to achieve win-win information protection and utilization on the basis of necessity, rationality and compliance. In the era of big data and informatization, various types of basic information are important resources, and commercial applications are also a trend. How to strip sensitive information from massive personal information and make good use of other available information is of great significance for the development of the information industry, balancing the relationship between technology and information application and user rights, and improving people's lives and consumption experience. Recently, the China Consumer Association proposed that it would carry out special supervision work nationwide on issues such as compulsory attention to official account and excessive claims for rights. Such measures are more beneficial.
Buying a cup of milk tea may not be a big deal, but it reflects the issues of consumer behavior and information security in certain scenarios, which should be given sufficient attention. When the "nerve endings" of social and economic life are also facing personal information security risks, it is very important to implement governance concepts and measures from the macro level to the micro level. It is our common expectation to pay attention to personal information protection in small and micro consumption scenarios, just like focusing on data security on big platforms, and not to let it become a breakthrough point for personal information defense lines to be torn apart at will.