According to news from this site on April 9, the "Regulations on the Implementation of the Consumer Rights Protection Law of the People's Republic of China" (hereinafter referred to as the "Regulations") have been officially released. Today, the State Council Information Office held a regular briefing on State Council policies to introduce the relevant situation of the Regulations.
You Xueyun, head of the Cyber Law and Regulation Bureau of the Cyberspace Administration of China, introduced that Article 23 of the "Regulations" stipulates the obligations of operators to protect consumers' personal information. First of all, when providing goods or services, operators must not excessively collect consumers' personal information, and must not use one-time general authorization, default authorization, etc. to force or disguised consumers to agree to the collection and use of personal information that is not directly related to business activities.
This site noticed that You Xueyun gave an example, “Everyone must have experienced online shopping. The basic functional service of online shopping is to purchase goods. The scope of necessary personal information includes: the mobile phone number of the registered user, which is our mobile phone number; name, address, contact number of the consignee; payment time, payment amount, payment channel and other payment information.If it exceeds these, such as face recognition, it is excessive collection and is not necessary. Information.”
In addition, operators should comply with relevant laws and administrative regulations when handling sensitive personal information. Sensitive personal information may be processed only when there is a specific purpose and sufficient necessity, and strict protective measures are taken, and the individual consent or written consent of the consumer must be obtained. If the personal information of minors under the age of 14 is processed, the consent of the minor's parents or other guardians must be obtained, and special personal information processing rules must be formulated.
Finally, operators should protect consumers’ personal information in accordance with the law. Operators should protect consumers' rights to know and make decisions in personal information processing activities, including the right to access and copy, correct and supplement, delete, and explain, and establish a convenient application acceptance and processing mechanism for consumers to exercise their rights. Operators shall not illegally sell, provide or disclose consumers' personal information, and shall take necessary measures to ensure the security of personal information and prevent unauthorized access and leakage, tampering, and loss of personal information. If it is lost, operators should take immediate remedial measures and notify the departments and consumers who perform personal information protection responsibilities.
The above is the detailed content of Cyberspace Administration of China: Facial recognition during online shopping is excessive collection of personal information. For more information, please follow other related articles on the PHP Chinese website!