On November 9, 2023, the European Parliament passed the Data Act. This act specifies the principles of data flow utilization and data governance in line with EU values, ensures the safe and effective flow of data elements in the European single data market, and further balances the link between personal data protection and the free flow of data. To fully release the value of data elements, further improve the standards of data security and personal information protection in the digital era, regulate the sharing and circulation of data, and ensure the orderly and safe development of the data economy, China can learn from it in aspects such as protecting personal information rights and interests in the digital era, establishing a unified and coordinated data governance mechanism, strengthening technical interconnection and standard construction, and optimizing data security protection supervision.
Based on the review of domestic regulations and standards related to personal information security, this paper first classifies and studies the transfer methods of personal information. In addition, it sorts out, classifies, and analyzes the actual security compliance problems encountered in the process of personal information transfer. Then, it proposes a security compliance analysis model for personal information transfer. Finally, it gives security compliance suggestions for the personal information transfer activities of personal information controllers.
Based on the strong universality, interaction, and generation capabilities of generative artificial intelligence (AI), combined with the current industrial situation, this paper summarizes the characteristics of user-oriented generative AI services, including diverse service forms, innovative interaction methods, and complex service modes. It also sorts out the comprehensive impact of the application of generative AI technology on individual information security and the challenges brought by the model itself. On this basis, this article proposes specific suggestions and plans to enhance personal information security from the perspectives of regulatory governance, standard specifications, and enterprise management.
With the development and popularization of mobile intelligent terminals, more and more users are performing activities such as payment, transfer, and storing personal information on mobile terminals, including smartphones and tablets. To improve security and convenience for users of mobile intelligent terminals, identity authentication on these terminals is currently trending toward continuous authentication. Firstly, the existing identity authentication work based on mobile intelligent terminals is reviewed. Secondly, the current mainstream performance evaluation indicators and industry applications are organized. Finally, a summary and a discussion are conducted on the urgent issues and development trends of continuous identity authentication in mobile intelligent terminals.
In the context of national requirements for personal information protection and efficient flow of data elements, privacy computing technology has attracted widespread attention as a key technology to solve data security and flow problems. Standardization of privacy computing technology has become an important research topic in the field of personal information protection. This article focuses on the analysis of the standardization path for privacy computing, and discusses the current situation, existing problems, and relevant suggestions of standardization, aiming to provide a reference for the standardization construction of privacy computing technology.
By examining cases where differential privacy (DP) is used for personal information protection in census, digital advertising and large language models, this paper finds that there are still seven practical difficulties in realizing personal information protection through DP, such as unclear definition, unmatched privacy unit, excessively high parameter value, difficulty in accounting, lack of concise explanation, difficulty in verification and audit, and uncertainty of DP's legal effect. This paper then discusses how to tackle these difficulties one by one. Solving the practical difficulties of differential privacy can not only strengthen the protection of personal information, but also promote the circulation and utilization of data.
This paper focuses on the identification and verification of minors in cyberspace, with consideration for both the protection of minors and personal information protection. Based on Chinese legislation, this paper analyzes the necessity and complexity of identifying minors. On top of that, it sorts out different scenarios, analyzes different triggering mechanisms for the identification and verification of minors, and explores how to implement the identification and verification.
Private information is the intermediary between privacy and personal information. In judicial practice, there is ambiguity in the definition of private information. Based on the correlation between private information and privacy and personal information, from the perspective of interpretation theory, it is concluded that private information is identifiable and private. However, the dual nature of private information makes it difficult to answer the question of protection or reasonable use. Based on the principle of reasonable privacy expectation theory and supplemented by scenario theory, the hierarchical distinction of private information is carried out, and sensitive private information is classified into the category of privacy rights, and non-sensitive private information is classified into the category of personal information, so as to solve the problems above.
With the development of Web3.0, decentralized digital identity has come into being. Decentralized identity is oriented to decentralized networks, allowing users, institutions, devices and digital assets to access the network, with the characteristics of decentralization, mutual recognition, privacy and security. This paper studies the decentralized digital identity authentication system based on privacy protection, and firstly summarizes its technical architecture, authentication process and technical characteristics. Then, it presents the security protection mechanism based on terminal and the privacy protection scheme based on cryptography. The privacy protection security scheme includes DID authentication based on cryptography and identity attribute authentication. Finally, it introduces the implementation case of the visually impaired user scenario to provide ideas for decentralized digital identity application scenarios and help protect user privacy.
In the era of digital economy, China’s mobile Internet is booming. Apps, application distribution platforms, applets, software development kit (SDK) and others continue to develop rapidly and have also become key areas of personal information protection. Among them, SDK, as an essential functional module for app development, not only provides convenience for app development and promotes industrial prosperity, but also causes a series of issues that infringe on user rights. This article summarizes China’s policies and regulations on SDK personal information protection. It analyzes the personal information protection issues and harm caused by the current SDK, and proposes the detection methods and the regulatory governance model.
Focusing on the protection of personal information and user privacy, this paper studies the practice of social responsibility reports in the Internet industry. Then, it puts forward a comprehensive summary of large and uneven organization governance disclosure differences, lack of institutional data support for management disclosure, urgent transformation of consumer and public information disclosure industry practices, superior support for ecosystem and supply chain disclosure to supervision, and the prominent role of technology research and development disclosure in promoting industrial development. This paper hopes to provide ideas for Internet enterprises to compile personal information protection social responsibility reports.
The relationship between individuals and society in the digital age is undergoing a transformation from identity interconnection to data interconnection. For the data factor market, this means that individual information becomes a production factor that can realize the value of data. First, this paper clarifies the meaning of individual information in the digital age from the practical perspective of individual information protection. Then, it discusses the social and non-exclusive characteristics of individual information that the process of data factorization has given to individual information. It aims to facilitate the protection of individual information from a theoretical perspective while promoting new balance in the relationship between the individual and the society.
With the advent of the digital age, the importance of data circulation has become increasingly prominent, but there is a lack of new infrastructure to ensure data circulation. Based on the practice of a certain city, this paper proposes to build a data circulation base so as to smooth the circulation of data resources. Firstly, it elaborates the necessity of building a data circulation base as well as the concept and functions of a data circulation base. Then, it proposes how to build a data circulation base to achieve three major functions: authorization, connection, and certificate storage. Finally, it proposes that authorization is the key to achieving the functions of the data circulation base, and authorization can be implemented in three dimensions: process, mechanism, and platform. This study provides theoretical support and practical experience for the safe, orderly, and efficient circulation of data.