laitimes
return

"I've read and agree with what's hidden"?

author:China Industry Network

Original title: Because of the forced demand for user privacy, an App was judged by the court to infringe on citizens' personal information rights (citation)

"I've read and agree with what's hidden"? (Theme)

Workers' Daily-China Workers' Network reporter Zhang Ziyu

Reading tips

Personal information that is read without consent, the content of the agreement that you want to read but can't understand, and the default terms of lifetime authorization are agreed to at one time...... The reporter's investigation found that some apps still infringe on citizens' personal information rights and interests in the process of collecting and processing users' personal information.

Most mobile apps are routinely downloaded and used for the first time, but many people may not really read the user agreement in order to save trouble, and then ignore these questions: What personal information does the app obtain through the privacy policy? Does the App have to collect this information to provide services? How does the app store and utilize this information?

Ms. Zhang, from Beijing, noticed that the app's privacy policy option was to check "agree" by default, and the app would automatically log out if she unchecked or refused to process her personal information. When Ms. Zhang wanted to stop using the app after registering for a period of time, she found that she could not withdraw her permission to process her personal information, so she sued the app operator to the court. Recently, the Beijing No. 4 Intermediate People's Court concluded the case in the second instance, finding that a dictionary app infringes on citizens' personal information rights and interests, and should bear tort liability in accordance with the law.

Personal information is read silently by the app

"Every time I ask to check and agree, I am helpless, but I can't help but check, so if I have to use this app, I can only reluctantly agree, this kind of 'forced voluntariness' has obviously violated the original intention of the legislation." Ms. Zhou, from Beijing, expressed the same concern about various apps repeatedly asking for user consent and mobile phone permissions, "The most common lie I have told is 'I have read and agreed to the user agreement'. The legal provision mentioned by Ms. Zhou is Article 14 of the Personal Information Protection Law of the People's Republic of China, which states that if the processing of personal information is based on the consent of the individual, the consent shall be made voluntarily and explicitly by the individual on the premise of full knowledge.

Liu Jinning, the judge who heard Ms. Zhang's case and an assistant judge of the Beijing No. 4 Intermediate People's Court, told reporters that the app involved in the case was precisely because the privacy policy was checked "consent" by default, and Ms. Zhang was not allowed to voluntarily choose to consent, which did not meet the requirements of "voluntary" and "clear", which is one of the obvious violations of the App provider.

The Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications, which came into effect in 2021, clearly state that apps shall not refuse users to use their basic functions and services because they do not agree to provide unnecessary personal information. Among the several mainstream social and information apps experienced by reporters, most of them are no longer unusable without checking the consent box, but there will be restrictions on the use of basic functions of the app, such as only being able to browse some information and not being able to comment on favorite related content.

However, when the reporter intends to log in to the account, most apps will immediately prompt that you can use the local number to log in quickly, but the reporter did not authorize the app to read the mobile phone number and other relevant information, let alone check the relevant "agree" option. This "fast" is convenient, but it also means that these apps are already quietly reading users' personal information without consent.

App protocol "I want to read but can't understand it"

Unlike Ms. Zhang and Ms. Zhou, Wang Jiale, a law student majoring in law, is interested in the app's user agreement and privacy policy. "Since I finished the civil law course, my classmates and I have paid special attention to the protection of personal information." Wang Jiale told reporters that when using some newly downloaded apps, he would deliberately take the initiative to click on the app's user agreement and privacy agreement, "just to see what such apps use to collect my personal information." But the agreement that was clicked on made it difficult for Wang Jiale to read it again - what is a crawler protocol? What does a defective third-party service mean? How to define commercial merchantability and suitability for a specific purpose?

The reporter consulted the user agreements and privacy agreements of some apps and found that the content of the agreement was mixed with Chinese and English professional terms and even charts; The text is as long as a professional paper, and some words are marked with notes and appendices; The terms of the agreement are updated dynamically, and if you want to get the latest content of the agreement, you need to check it from time to time......

"I want to see it but I can't understand it, which makes it even more uncomfortable." Wang Jiale was puzzled, "Tossing users like this, could it be that I didn't want users to understand it in the first place, and even there are other tricks hidden behind the agreement?" Qi Shan, legal counsel of an Internet company, answered Wang Jiale's confusion, "The content involving professional terms and specific terms does need a threshold to read, and the content of the agreement is also drawn up by people in the professional field. ”

The reporter learned that in response to user voices, some mainstream social apps have launched the so-called "stream-saving version" user agreement, that is, the important content and key chapters in the original agreement are taken out separately, and the most important parts are marked in a prominent way such as font blackout and italics, but many of the content is still obscure to read, and even more links are annotated and jumped.

Agree once, license for life?

The reporter combed through netizens' complaints about the user agreement and privacy policy and found that "excessive claims" and "one-time consent for lifetime authorization" are issues that netizens pay more attention to App agreement issues. In the above-mentioned case of Ms. Zhang, according to the court's opinion, the attributes of the app involved in the case should be a utility app that provides vocabulary queries. According to the Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications, utility apps do not need personal information such as mobile phone numbers to use basic functional services, so the dictionary app's behavior of requiring personal information to be collected before providing services is illegal.

The content of the service agreement of "one-time agreement to lifetime authorization" made netizens even more indignant. The reporter checked the relevant terms of a social app and saw that the app promised not to transfer or disclose users' personal information to any third party, except in several special circumstances. However, for specific scenarios in special circumstances, no significant ways or means of withdrawing consent or undertaking are provided.

Paragraph 1 of Article 15 of the Personal Information Protection Law stipulates that individuals have the right to withdraw their consent to the processing of personal information based on their consent. In Ms. Zhang's case, the court held that the app in question violated the user's rights and interests in personal information by failing to provide a way to withdraw consent. In the end, after the first and second trials of the case, the operating company of the App involved in the case was sentenced to delete Ms. Zhang's personal information collected, apologize to Ms. Zhang, and compensate her reasonable expenses.

Zhu Sirui, a lawyer at Beijing DOCVIT Law Firm, believes that in addition to informing users of what information will be collected through a clear agreement when they first use the app, app service providers should also do a good job of keeping the collected information, such as encrypting the user data stored and transmitted, and regularly checking and updating data protection measures; Implement user control that allows users to view, modify, or delete personal information collected, and easily revoke consent to certain information.

Source: China Workers' Daily

Previous: The 03 version of Yitian beauty is contrasted, Gao Yuanyuan has a long flowering period, Lin Jing has changed a lot, and the woman in the yellow shirt is mysterious
Next: Half of the 12 typical cases published involved "who is the owner"