Big data: Privacy black holes and pale legislation

Apple's 6 was launched in September, but this time the fruit powder was somewhat hesitant. After all, the recent revelations of Oscar-star photos have cast doubt on Apple's data security.

It is understood that hackers use the Apple mobile phone i-cloud Cloud loopholes, stealing film stars, singers and supermodel nude photos. The incident once again sounded the alarm: living in the age of large data, to always pay attention to protect their privacy, privacy leaks everywhere.

In May 2014, the White House released the 2014 "Big Data" white paper, which read "The United States Privacy Act and the International Privacy Law framework" and "large Data on privacy law", intended to update the existing privacy law.

In fact, China's voice on the protection of personal data earlier than the United States, but so far, the protection of personal privacy data is still pale in the laws and regulations.

As early as 2004, at the fourth annual meeting of the Asia-Pacific Forum on Urban Informatization, Professor Zhang Xinbao of the "Internet development challenges and countermeasures for privacy protection" at Renmin University Law School, University School of Management, Professor Mechauzou's information technology and personal information protection, researcher, A number of legislative reflections on the designation of China's Personal Data Protection Act, by Dr. Zhou, a member of the National Information Experts Advisory Committee, has given great attention to this issue.

Since 2006, members of the two conferences have been proposing privacy legislation. However, over the past 10 years, Internet-derived privacy issues are still growing wild. Respondents said that from "Panda incense" virus invasion of personal data to "pornographic" data, from Tencent to micro-letter, from cloud computing to large data, and private black hole in sharp contrast, is a pale legislative lag and lack of top-level design and management.

I know who you are

The bite of "apple", while greeting the father of the computer Turing, seems to coincide with its ever-breaking privacy breach.

"The computer leaked pornographic photos" era has been "outdated", replaced by "cloud photos." The exposed actress is using the iphone, the photo is stored in the phone, a copy will also go into the "photo Stream"-"icloud cloud services." The technical core of this service is the large data storage, processing and collection in the database.

In the big data age, whether you're not online or not, information about you is distributed across the Internet. The "humidifier" that you pay attention to on the shopping site then you'll be haunted by all the Web pages you might visit, and the more confusing thing is that you just register your phone number with a stock software, and your phone will hear it every day: "Hello, this is * * finance." ”

"2013 China Netizen Information Security Status Report" pointed out that 74.1% of netizens in the past six months time encountered information security problems, because of information security incidents caused by personal losses to 19.63 billion yuan.

"With your ID you can dig up 80% of your information, you don't know when it's going to go up," said Xinsheng, vice president and secretary General of China Communications Society, told our correspondent, such as you play the game, the use of new business confirmation, your search keyword, etc., will leave footprints, become big Data "thief" goal.

It is worth mentioning that this is not the fault of the big data itself. The McKinsey report points out that data is a means of production and that big data is the next frontier for innovation, competition and productivity gains. The World Economic Forum's report found big data as new wealth, worth as much as oil.

Data collection and analysis have become the fundamental means of social function improvement since the first count and crop production records were recorded in ancient times. The Guardian, October 23, 2010, used WikiLeaks data to make a data visualization that marked all casualties in the Iraq War on the map. A red dot on the map represents a casualty, the mouse clicks the red dot after the pop-up window is detailed description: Casualties, time, the specific cause of casualties. The red dots, as many as 390,000, appear particularly shocking. The report, once published, immediately led to a shaking of the opposition, pushing Britain to finally make a decision to withdraw its troops in Iraq.

"Large data are at all open liquidity, not open flows are not large data." "Chinese Academy of Engineering, China Internet Association director Hequan told our correspondent, the current world data volume rapid growth, the new data production growth rate of 40% annually." If you put the world's data on your ipod by 2011, you can fill 57.5 billion ipods. Use these ipods as bricks to base two great Wall of China. China has the largest population in the world, but only 60% of Japan and 7% of North America, half of which is unprotected.

Today, data is more deeply intertwined with our lives than ever before. We look forward to using data to solve problems, improve welfare and promote economic prosperity. However, the irregular large data collection, like weeds, is free to dance under the law's missing sky.

Can big data be traded? Respondents ' answer is yes, as large data for future oil resources, is playing a new role in productivity, towards the direction of assets. What is urgently needed to resolve is the definition of privacy, "who is the data owner", "Who is the user," "How to define the use rights," and so on. What needs to be followed up is the legislative protection after the definition.

Privacy or security? Fuzzy definition

The recent survey and analysis of large data development in China Institute of Communications show that in recent years, large data has gradually shifted from the speculation stage to the practical innovation stage. With the continuous improvement of infrastructure construction, the problem of technology is no longer the bottleneck on the road of large data, and the privacy security problem emerges.

"The roots are chaotic and governance is chaotic. Xinsheng told our correspondent that the security of large data includes five levels: national information security, Hacker's security of cyber attack, personal privacy security, ideological security and network infrastructure security, large data and above five levels are related. Privacy related to personal privacy is mainly security and hacker attacks.

However, with regard to the definition of personal information privacy, no matter which regulation is relevant, it is obvious that there is a lack of operability: according to the "information, consent, reasonableness, necessity" principle in the "Telecommunications and Internet User Privacy Regulation" of 24th, the ministry can make a basic and approximate definition of the secret, However, the specific problems still need to be specific analysis; Similarly, although the new Consumer Protection Act, the protection of consumer privacy has been clearly stipulated, but the relevant people pointed out that the existing relevant provisions of the law is too principle, still need to develop corresponding implementation details. As a result, the definition of personal privacy for consumers in the big data age is a problem.

The protection of individual privacy rights in the United States has gone through 3 stages, from residential-centric privacy protection to human-centred privacy protection to data-centric privacy protection. And China's privacy protection of personal information, has not yet followed the development of large data technology.

The relevant law enforcement officials also said that the large data era, the relevant data servers are abroad, and the protection of personal privacy is a very complex problem, even involving national security, enforcement is difficult.

PLA Academy of Engineering Peng summed up the practice of Europe and the United States, suggested that the boundary of the problem, or the need to pass the following four legislative trends to define: first, to require data collection party to increase transparency. That is, to inform consumers of their data collection behavior, the content and use of the data collected, and in some cases require data acquisition direction by consumers to open their information. Second, the requirements of data acquisition party to give consumers the right to choose voluntarily. Consumers can accept or reject their personal data collection. Third, the individual data depending on the nature of the treatment. The European Union's Data Protection Ordinance provides that only information that can be clearly pointed to or identifiable personally is within the scope of personal data protected by the Ordinance, except for anonymous information. The FTC's consumer privacy report also makes it very specific that it applies only to information that can be linked to a particular consumer or computer. and agrees that "if the data collector takes reasonable measures to avoid identity recognition and undertakes not to recognize or allow downstream users or receivers to identify through such information, You may not apply the proposed scheme in the report. In addition, both the EU and the United States distinguish between various types of personal information and regard information relating to health, religion, children and so on as particularly sensitive information and special protection.

Privacy legislation: Ten years hard to wear a sword

China's legal profession is not slow to call for privacy.

Ten years ago in 2004, the Asia-Pacific Urban Information Forum Fourth annual meeting, the Network development of privacy protection issues, become the focus of this seminar. Experts believe that there are serious personal data in China illegally collected, abused, trade phenomenon, the participants think that should play a post advantage, learn from foreign experience, establish and improve China's privacy protection system, and have to write research reports, hope to get attention from all walks of life.

2006, Leland, member of the Development Research Center of the State Council, proposed that legislation should be protected against disclosure of personal information. 2008 national "Two Sessions", Xichang College law professor Wang Mingwen submitted six months to write on, 45 delegates seconded to the enactment of the "People's Republic of China Network Privacy Protection Law" bill. During the 2012 session, the CPPCC committee member, China Digital Holdings Limited chairman of the Board of Directors Guo Wei in the "Personal Information protection legislation" proposal, received wide attention from all sectors of the community.

The most recent is the 2014 session, the NPC representative Liu Qingfeng called for, in the large data era, protect the privacy of citizens can not rely on the relevant departments to pat the head, but to protect the legislation. Protection measures should be put in place to safeguard the privacy of the large data age. Liu Qingfeng said that our constitution and some laws and regulations also include the protection of privacy content, "but the content is fragmented, not enough system. Liu Qingfeng suggested that a special personal Privacy Act should be enacted in the light of the United States.

CPPCC member Ma Shujian suggested that large data development should be included in the national strategy. Ma Shujian suggested that we should speed up the legislation of large data security, promote the opening of data resources, accelerate the demonstration application, especially promote the construction of government and large public Information service platform, improve the scientificity and accuracy of government decision-making, improve the ability of forecasting and emergency response of government, and reduce the cost of government operation; We will focus on cultivating a group of business analysis management talents with large data backgrounds to excavate the huge commercial value of massive data, thus promoting China's economic transformation and making the country seize the opportunity in the "Big Data Wave".

10 years, China's internet has appeared on the QQ network chat, online shopping, cloud computing, Internet of Things, mobile interconnection, intelligent city, however, privacy protection legislation, like the shortest plank, continue to torture the safety of this bucket.

At the same time, foreign movements in this area frequently, gradually improved.

As one of the most developed countries in the world, the United States attaches great importance to the protection of individual privacy rights. At present, there are nearly 40 laws on the protection of personal information at federal level in the United States. Among them, the most important is the Electronic Communications Privacy Act of 1986, which prohibits electronic communications service providers from providing any unauthorized entities with the content of communications generated during the service. In 2012, the Obama administration unveiled the privacy bill, calling on companies to give more control to their users when using private information. The European Union has also introduced a bill on "forgotten powers", in which consumers have the right to require companies to clear their personal data, and so on.

The EU is also moving ahead with the process of reforming its data protection rules. The existing EU Data Protection Directive only allows EU citizens ' data to have a "full" Privacy Protection act or to flow out to countries with effective data security mechanisms, such as the US-EU security port agreement. In January 2014, the United States and the European Union began consultations to make it possible to strengthen the framework of the safe Haven agreement to ensure that it continued to provide strong data protection and to enhance its transparency, effective implementation and legal certainty.

"Privacy legislation, not only individuals, now large data use enterprises are also afraid of infringing personal privacy." "In fact, all parties in the market have this appeal," Xinsheng said.

Li Guang, director of the Information Department of the Development Research Center of the State Council, told our correspondent China only has national secrecy laws against state secrets, lack of specific laws to protect personal privacy and trade secrets, public disclosure regulations on government information, and some sectoral regulations, such as statistical laws, but overall, they are not binding enough, There are no specific laws dealing with personal privacy protection and trade secret protection. As for data collection, storage, use of power and responsibility of the law is also blank, these at the macro level directly related to large data applications and data security of large data.

Protection and openness are two sides of the Hequan, and the fellows appeal from both sides. "Information Protection Law" and "Information disclosure Law" need to be developed as soon as possible, both to encourage community-oriented data mining and to serve society, to prevent violations of privacy by individuals, to promote data sharing and to prevent data abuse. The hidden danger of security and privacy protection is still large, important data storage and application can not rely too much on large data analysis technology and platform, need to pay attention to the risk of information leakage.

Legislation is always vacant, and large data applications cannot wait. In contrast to the country's pale legislation, corporate self-discipline has begun to explore and try.

A few days ago, Shanghai Public utility Payment agency paid a paper to terminate the announcement of cooperation with Alipay caused widespread concern, pay pass even put forward to pay Bao "grilled data", in this respect, Alibaba Small Micro Financial Group chief risk officer Hu Xiaoming Response said: "Alipay never worry about access to data, And never use disgraceful means to get data. ”

On the evening of July 1, Hu Xiaoming first published an external disclosure of Alibaba, Alipay access to data and principles, hoping to set the rules for large data.

The 18 session of plenary proposed that to promote the modernization of national governance system and governance ability, government governance system and governance ability is an important aspect of national governance ability, large data technology has great application potential and huge space in government governance ability.

"More emphasis needs to be placed on data mining and utilization, and for the existing technology applications, talent, security and privacy issues, the key is to have a national large data strategy, so that it becomes the effective way to change the economic growth." "Hequan said.

From: "Well-off" magazine