[目的/意义] 在移动互联网环境下,手机应用(APP)服务商掌握了越来越多的用户数据,注销账号成为用户防止个人信息遭受非法利用的有效手段,账号注销机制的构建对保障用户信息安全具有重要意义。[方法/过程] 在系统调查我国有关法律规定及欧盟GDPR法案的基础上,对国内外主流APP的账号注销机制进行全面梳理,分析其中存在的问题,并提出可行的建设策略。[结果/结论] 提出在覆盖注销前、注销中、注销后三个阶段,由服务商、监管机构和用户三方协作参与的全流程账号注销机制,并指出了面向用户信息安全的管理与服务未来突破与创新的方向。
[Purpose/significance] Under the environment of Mobile Internet, service providers of APPs master an increasing amount of user data. Closing accounts has become an effective approach for users to prevent illegal use of individual information. The construction of account cancellation mechanism is of great significance to guarantee users' information security.[Method/process] Based on the systematic investigations on relevant laws and regulations of China, and the General Data Protection Regulation (GDPR) enacted by EU, we have achieved a comprehensive understanding of status and problems of account cancellation mechanisms in popular APPs at home and abroad, then we proposed feasible construction strategies corresponding to the problems.[Result/conclusion] This paper proposed a whole-flow cancellation mechanism of user accounts, which covers three stages of account closing (i.e. before, during and after the process), implemented jointly by service providers, regulators and users. Moreover, we pointed out the direction of breakthrough and innovation in terms of managing and servicing users' information security in the future.
[1] HASHEM I A T, YAQOOB I, ANUAR N B, et al. The rise of "big data" on cloud computing:review and open research issues[J]. Information systems, 2015, 47:98-115.
[2] LUTZ C, HOFFMANN C P, BUCHER E, et al. The role of privacy concerns in the sharing economy[J]. Information, communication & society, 2018, 21(10):1472-1492.
[3] 央视新闻. 评论:谁说"中国人愿意用隐私换便利"[EB/OL].[2018-12-28]. http://news.163.com/18/0328/03/DDV513QI0001875N.html.
[4] 知乎. 如何评价京东杀熟?[EB/OL].[2018-12-28]. https://www.zhihu.com/question/270660676.
[5] GU J, XU Y C, XU H, et al. Privacy concerns for mobile app download:an elaboration likelihood model perspective[J]. Decision support systems, 2017, 94:19-28.
[6] JUNG Y, PARK J. An investigation of relationships among privacy concerns, affective responses, and coping behaviors in location-based services[J]. International journal of information management, 2018, 43:15-24.
[7] WOTTRICH V M, VAN REIJMERSDAL E A, SMIT E G. The privacy trade-off for mobile app downloads:the roles of app value, intrusiveness, and privacy concerns[J]. Decision support systems, 2018, 106:44-52.
[8] Backgroud checks. A directory of direct links to delete your account from web services[EB/OL].[2018-12-28]. https://backgroundchecks.org/justdeleteme/.
[9] BRANDTZAEG P B, PULTIER A, MOEN G M. Losing control to data-hungry apps:a mixed-methods approach to mobile app privacy[J/OL]. Social science computer review, 2018:1-23.[2019-04-29]. https://doi.org/10.1177/0894439318777706.
[10] DEVMANE M A, RANA N K. Privacy issues in online social networks[J]. International journal of computer applications, 2012, 41(13):5-8.
[11] HERRMANN D, LINDEMANN J. Obtaining personal data and asking for erasure:do app vendors and website owners honour your privacy rights?[EB/OL].[2019-04-29]. https://arxiv.org/abs/1602.01804.
[12] BAUMER E P S, ADAMS P, KHOVANSKAYA V D, et al. Limiting, leaving, and (re) lapsing:an exploration of Facebook non-use practices and experiences[C]//Proceedings of the SIGCHI conference on human factors in computing systems. New York:ACM, 2013:3257-3266.
[13] LOCASTO M E, MASSIMI M, DEPASQUALE P J. Security and privacy considerations in digital death[C]//Proceedings of the 2011 new security paradigms workshop. New York:ACM, 2011:1-10.
[14] EU. General data protection regulation[EB/OL].[2018-12-29]. https://gdpr-info.eu/art-20-gdpr/.
[15] POLITOU E, ALEPIS E, PATSAKIS C. Forgetting personal data and revoking consent under the GDPR:challenges and proposed solutions[J]. Journal of cybersecurity, 2018, 4(1):1-20.
[16] 中国消费者协会. 100款App个人信息收集与隐私政策测评报告[EB/OL].[2018-12-28]. http://www.cca.org.cn/jmxf/detail/28310.html?tdsourcetag=s_pctim_aiomsg.
[17] 信息通信管理局. 工业和信息化部信息通信管理局就加强用户个人信息保护约谈相关企业[EB/OL].[2018-12-28]. http://www.miit.gov.cn/n1146290/n4388791/c6010832/content.html.
[18] 央视新闻. 手机APP账户难注销工信部:需提供注销服务[EB/OL].[2018-12-29]. http://www.xinhuanet.com/tech/2018-01/05/c_1122213028.htm.
[19] 工业和信息化部. 工业和信息化部关于电信服务质量的通告(2018年第4号)[EB/OL].[2018-12-28]. http://www.miit.gov.cn/n1146295/n1652858/n1652930/n4509627/c6471882/content.html.
[20] ANTIGNAC T, SCANDARIATO R, SCHNEIDER G. A privacy-aware conceptual model for handling personal data[C]//International symposium on leveraging applications of formal methods. Cham:Springer International Publishing, 2016:942-957.
[21] FAWAZ K, SHIN K G. Location privacy protection for smartphone users[C]//Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. New York:ACM, 2014:239-250.
[22] SUNYAEV A, DEHLING T, TAYLOR P L, et al. Availability and quality of mobile health app privacy policies[J]. Journal of the American Medical Informatics Association, 2014, 22(e1):e28-e33.
[23] KOKOLAKIS S. Privacy attitudes and privacy behaviour:a review of current research on the privacy paradox phenomenon[J]. Computers & security, 2017, 64:122-134.
[24] GOLBECK J, MAURIELLO M. User perception of Facebook app data access:a comparison of methods and privacy concerns[J/OL].[2019-05-13]. https://doi.org/10.3390/fi8020009.
[25] CHOI B C F, LAND L. The effects of general privacy concerns and transactional privacy concerns on Facebook apps usage[J]. Information & management, 2016, 53(7):868-877.
[26] 王晰巍,相甍甍,张长亮,等. 新媒体环境下信息隐私国内外研究动态及发展趋势[J]. 图书情报工作, 2017, 61(15):6-14.
[27] 王晗,张玲. 面向个人信息管理的网络隐私保护模型研究[J]. 情报科学, 2015, 33(10):47-51.
[28] 沈洪洲,汤雪婷,周莹. 我国移动社会化媒体隐私保护功能的可用性研究[J]. 图书情报工作, 2017, 61(4):23-30.
[29] 田波,郑羽莎,刘鹏远,等. 移动APP用户隐私信息泄露风险评价指标及实证研究[J].图书情报工作, 2018, 62(19):101-110.
[30] 张玥,王坚,朱庆华. 医疗问诊APP隐私政策的认知影响因素框架模型研究——基于扎根理论方法[J/OL].[2019-05-17]. http://kns.cnki.net/kcms/detail/11.1762.G3.20190122.1424.004.html.
[31] 张里安,韩旭至. "被遗忘权":大数据时代下的新问题[J]. 河北法学, 2017, 35(3):35-51.
[32] 畅旎. 欧盟《通用数据保护法案》的影响与对策[J]. 中国信息安全, 2017(7):90-93.
[33] ZERLANG J. GDPR:a milestone in convergence for cyber-security and compliance[J]. Network security, 2017, 2017(6):8-11.
[34] 吴沈括. 欧盟《一般数据保护条例》(GDPR)与中国应对[J]. 信息安全与通信保密, 2018(6):13-16.
[35] Google. We are committed to complying with applicable data protection laws[EB/OL].[2018-12-08]. https://privacy.google.com/businesses/compliance/.
[36] Microsoft. Safeguard individual privacy with the Microsoft Cloud[EB/OL].[2018-12-08]. https://www.microsoft.com/en-us/trust-center/privacy/gdpr-overview.
[37] Amazon. General data protection regulation (GDPR) center[EB/OL].[2018-12-08]. https://aws.amazon.com/cn/compliance/gdpr-center/.
[38] 于向花. 被遗忘权研究[D]. 长春:吉林大学, 2018.
[39] 周丹. 大数据时代个人数据民法保护问题研究[D]. 武汉:华中师范大学, 2015.
[40] 李汶龙. 大数据时代的隐私保护与被遗忘权[D]. 北京:中国政法大学, 2015.
[41] 新华社. 全国人大常委会关于加强网络信息保护的决定[EB/OL].[2018-12-28]. http://www.gov.cn/jrzg/2012-12/28/content_2301231.htm.
[42] REDING V. The EU data protection reform 2012:making Europe the standard setter for modern data protection rules in the digital age[C]//USA:Innovation conference digital, life, design munich. 2012, 22.
[43] 胡旭. 论被遗忘权制度的法律构建[D]. 武汉:华中师范大学, 2017.
[44] 杨立新, 韩煦. 被遗忘权的中国本土化及法律适用[J]. 法律适用, 2015(2):24-34.
[45] 曹亚廷. 数据可携带权及其对征信业影响初探[J]. 征信, 2016, 34(9):26-28.
[46] COCKCROFT S, REKKER S. The relationship between culture and information privacy policy[J]. Electronic markets, 2016, 26(1):55-72.
[47] Apple. APP store排行榜[EB/OL].[2018-12-09]. https://www.apple.com/itunes/charts/free-apps/.
[48] 宛玲. 国外个人数据保护官的概念、职责与能力素质[J]. 图书情报工作, 2018, 62(17):129-135.
[49] 肖冬梅,谭礼格. 欧盟数据保护影响评估制度及其启示[J]. 中国图书馆学报, 2018, 44(5):76-86.
