What are the hazards of excessive collection of personal information by mobile apps?

I have been harassed by fraudulent phone calls recently.

With the development of Internet, in recent years, the problem of personal information being excessively or illegally obtained and abused has become more and more serious.

Personal information disclosure is widespread, and APP has become the hardest hit area.

In the list of "Top Ten Hotspots of Consumer Rights Protection in 20 18" jointly released by China Consumers Association and People's Daily Public Opinion Data Center, "Lack of Personal Information Protection" ranks second, which shows that the public attaches importance to and hates the disclosure of personal information.

At present, the disclosure of personal information is mainly divided into the following three situations: excessive collection of personal information, unauthorized disclosure or sharing of personal information to third parties, and illegal sale of personal information. The seriousness of these three situations has deepened in turn.

In recent years, apps have become popular, and mobile apps have become the hardest hit areas for personal information disclosure. Excessive collection of personal information through the APP and then selling it is very serious.

According to the "Security Situation of Internet Network in China in the First Half of 20 19" released by the National Internet Emergency Center, 5 million apps collected an average of 20 items of personal information and equipment information, and the top 1,000 apps applied for an average of 25 rights, among which the number of apps applying for calling rights unrelated to business accounted for more than 30%, and a large number of apps had abnormal behaviors such as detecting other apps or reading and writing user equipment files.

According to the survey report on personal information leakage of APP released by China Consumers Association in August last year, 85.2% of the respondents have encountered personal information leakage. Among the main ways of personal information leakage, 62.2% were collected without my consent, 6 1% were deliberately leaked and sold, and 57.4% were system vulnerabilities.

After the information of these people was leaked, the proportion of harassing, fraudulent calls and spam messages received through sales calls or text messages was 86.5%, 75.0% and 63.4% respectively. The author is also suffering from it. Recently, there have been harassing calls every day on average, which is annoying!

It can be said that the excessive collection of personal information by mobile App shows a general trend, especially the communication and location information of mobile phone. And you have to let him get this information for many apps, otherwise you can't install them. This has caused many people to never look at or occasionally look at the application permissions and user agreements or privacy policies when installing the app. Even if they look at the agreements, most of them just look at them.

It can be said that the serious disclosure of personal information in mobile App is related to people's weak security awareness, but more importantly, under the conditions of imperfect laws, inadequate supervision, lax punishment or even no punishment measures at all, enterprises simply do not pay attention to the safety of users' personal data.

Leaks occur frequently, and enterprises ignore data security.

Therefore, many public enterprises, especially large Internet companies, which have a large number of citizens' personal information, have become the hardest hit areas for citizens' personal information disclosure.

In enterprises, the information security department often becomes a marginal department because it only has input but no output. The boss is unwilling to increase input, thinking that it is good as long as nothing happens, but the reality often backfires.

In recent years, more and more enterprises have leaked personal information. According to the data released by Risk Based Security, more than 3,800 data leakage incidents have been discovered in 20 19, an increase of 54% over the same period last year.

In addition to more and more data leakage incidents, the amount of leaked data is also increasing, and the amount of crimes involved is also increasing.

20 14, 12, a file containing130,000 pieces of personal information, such as name, gender, mobile phone number, landline number, ID number, home address, postcode, school, major of application, was sold for15,000 yuan.

In the major data leakage case in China in 20 18, 10 billion pieces of user personal information data in Tong Yuan in 20 14 were sold at the price of 1 bitcoin; SF 300 million users' personal information data were sold for 2 bitcoins; The opening data of Zhu Hua's 240 million hotel chains, involving 65.438+300 million people, was sold, and the data was priced at 8 bitcoins, about RMB 350,000.

It can be seen that social, express delivery, hotel and other companies that have a large amount of personal privacy data have limited investment in data security, and they can't recruit high-level programmers at all when the post salary is low. The marginalized information security department will have a hard day, and the protection of the database will become like paper, completely becoming a place where criminals can go in and out at will. Therefore, tens of thousands of "last three days" take-away users' names, telephone numbers, addresses, ordering time and other private information can be bought for only a few hundred yuan.

Once the data of an enterprise is leaked, the loss will be huge. According to the latest investigation report released by IBM Security and Ponemon Institute, the average cost of data leakage in 20 18 years is 3.86 million dollars, and large-scale data leakage has brought huge losses. More than 6,543,800 pieces of leaked data are expected to cause a loss of $42 million, and more than 50 million pieces will cause a loss of $388 million.

In 20 18, Facebook was fined $5 billion by the United States for leaking and improper use of 87 million users' data, which became the biggest fine issued by the US government to technology companies.

Under the laws related to personal information protection, companies that do not pay attention to personal data protection will face huge fines like Facebook in the future. For domestic enterprises like Tong Yuan and SF, the day of hanging the sword of Damocles is coming soon.

Personal information protection law is included in the legislative plan.

In recent years, the disclosure of personal information data has been the focus of domestic legal circles, business circles and even ordinary people, so the formulation of personal information protection law has been affecting the nerves of all parties.

Since the EU promulgated the General Data Protection Regulation three years ago, there have been constant voices in China demanding the legislation of personal information protection, and the China version of the General Data Protection Regulation is expected to be promulgated!

Zang Tiewei, spokesman of Law Committee 2 1 said at the first press conference that the personal information protection law has been included in the legislative plan of the National People's Congress Standing Committee (NPCSC) and will be submitted to the Standing Committee for deliberation in due course according to the legislative work plan.

On the 22nd, the draft of personality rights in the Civil Code was submitted to the National People's Congress Standing Committee (NPCSC) (the Standing Committee of the National People's Congress) for the third trial. The third trial draft includes personal e-mail address and whereabouts information with the function of identifying specific natural persons into the scope of personal information and is protected by law.

It can be said that since the promulgation and implementation of the EU General Data Protection Regulation three years ago, all countries in the world are accelerating the formulation of relevant laws. So far, including Japan, Brazil and other countries, more than 50 countries or regions around the world have enacted personal information protection laws.

The United States, the world's largest economy, is also moving quickly. The Act on Clarifying the Legal Use of Overseas Data, also known as the Cloud Act, was promulgated on March 20 18. It is said that the most stringent privacy protection bill in American history, the California Consumer Privacy Act, was passed three months after the Cloud Act and will take effect in 2020.

The enactment of China's personal information protection law can bring China's laws into line with international standards quickly, which is not only conducive to the business development and cooperation of domestic and foreign enterprises, but also conducive to protecting the privacy of China citizens.