APP forced face recognition? Can’t the account cancellation? The country is going to shoot – the People’s Political Consultative Conference

At present, there is an occurrence of personal privacy information leakage, and the app often enforces the user to authorize. It is possible. On the 14th, the National Netcom Office released the "Network Data Security Management Ordinance (Draft for Comment)" (hereinafter referred to as "Draft for Comment"), to strengthen data security protection capacity building, and ensure that the data is ordered in accordance with the law. Flow, promoting data and effectively utilization in accordance with the law.

How do I handle personal information? "Draft for Draft" pointed out that data handlers do not refuse to provide services or interfere with personal use services from information other than personal information necessary to provide services. The picture from the "Network Data Security Management Ordinance (Draft for Comment)" screenshot. "Draft" also pointed out that according to the service type, according to the service type, the consent of personal information is applied, respectively, can be used to use the general terms; handle personal biometric, religious beliefs, specific identity, medical health, financial account, whereile trajectory, etc. Personal information should obtain individual consent.

"Handling personal information of minors in the age of 14, should obtain their guardians; may not improve service quality, improve user experience, research and development new products, etc., forced individuals to agree to deal with their personal information; may not pass misleading, fraud, Stress and other methods have obtained personal consent; they may not be induced by bundling different types of services, bulk application consent, etc.

"In addition, when the user raises the termination of the service or personal logout account, the data handler should delete personal information within a fifteen working day or anonymatically.

It is worth noting that there is previously an APP or community property forced user face recognition.

The "Draft", indicating that the data handler uses biometrics to personal identity authentication, and should be risk assessment of the necessity, safety, must not use biometrics such as face, gait, fingerprint, iris, voiced pattern. The only personal identity authentication method is forced to agree to collect its personal biometric information.

These things enterprises cannot dry out the provisions of personal information processing rules, "Draft" also make multifaceted requirements for data handlers, pointing to any individual and organization to carry out data processing activities must not provide illegal sale or illegally provide data to others; Or obtain data in other illegal ways; do not infringe the reputation, privacy, copyright and other legitimate rights and interests. Data map.

The user is identified by APP people.

China New Cemetery knows any individual and organization know or should know that others are engaged in the preceding activities, they do not provide technical support, tools, procedures, and advertising, payment settlement and other services. "Data handlers should protect data from Leak, stealing, tampering, damage, loss, illegal use, dealing with data security incidents, prevent violations of criminal activities against and utilizing data, maintaining data integrity, confidentiality, availability. "When important data or more than 100,000 personal information security events, damage, loss, loss and other data security events, data processing should also occur in the eight-hour interior section of the provision for eight hours and the relevant authorities to report basic information. , Including the number of data, types, possible influences, or disposal measures that have or intended to be taken. "" Draft for Comment "pointed out.

In addition, the "Draft" is regulated, automated tool access, collecting data violates legal, administrative regulations or industry self-discipline conventions, affecting the normal function of network services, or infringes the legitimate rights and interests of information on other people’s intellectual property rights. The handler should stop accessing, collecting data behavior and take the corresponding remedies. Edit: Where is it?