
Evaluation Report on Personal Information Protection of 100 Internet Application


brianp

Presentation Transcript


  1. Evaluation Report on Personal Information Protection of 100 Internet Application Products Worldwide (2018)

  2. PART 01 • Overview

  3. Positioning of this Report: Pursuant to the Decision of the Standing Committee of the National People's Congress on Strengthening Information Protection on Networks, the Cybersecurity Law of the People's Republic of China, the Law of the People's Republic of China on the Protection of Consumer Rights and Interests, Information Security Technology – Guidelines for the Protection of Personal Information in Public and Commercial Service Information Systems, and the E-Commerce Law of the People's Republic of China, as well as international practice and industry consensus, and on the basis of previous evaluation standards, the Evaluation Group selected 100 Internet Application Products (hereinafter referred to as APPs) in 18 representative and widely used fields for evaluation.

  4. Positioning of this Report: Meanwhile, referring to the evaluations conducted by the Office of the Central Cyberspace Affairs Commission, the Ministry of Industry and Information Technology of the People's Republic of China (hereinafter referred to as “P.R.C.”), the Ministry of Public Security P.R.C., the State Administration for Market Regulation P.R.C., the ND Personal Information Security Research Center and the China Consumers' Association, the Evaluation Group conducted a more detailed and internationalized evaluation. Therefore, this report not only devotes itself to improving the compliance level of the Internet industry, but also aims to provide empirical support for the legislation on personal information protection prompted by the new business models of the big data industry.

  5. Evaluation Objects

  6. Evaluation Objects

  7. Evaluation Objects

  8. Evaluation Objects

  9. 19 Indexes Involved in the Evaluation

  10. Score Conversion Table

  11. PART 02 • Score Description for 100 APPs

  12. Score Description for 100 APPs

  13. Score Description for 18 Industries

  14. Average Scores of the 100 Internet Products Worldwide

  15. Overall Score Description for 18 Categories: The 100 APPs evaluated are divided into 18 categories, and the average score is 63.9, which is mediocre. Among the 18 categories, the average scores of 5 industries (cloud storage, browsers, travel navigation, social networking software, online shopping) are at level B, rated as good; another 8 industries (email, financial payment, tourism accommodation, smart home, mobile medical care, word processing, live streaming / video, online music) are at level C, rated as average; the other 5 industries are at level D, rated as unsatisfying. In general, there is still much room for Internet enterprises to improve their performance on Policies compliance.

  16. Overall Score Description for 18 Categories: The three categories with the highest average scores are cloud storage, browser and travel navigation, all rated at level B. Judging by the scores on the four Indexes (Policies' form, processing period, complaint mechanism, security and maintenance), cloud storage APPs outperform other APPs in security and maintenance; browser APPs perform the best in complaint mechanism; travel navigation APPs have high scores in all four Indexes, which leads to a good overall performance, ranking third.

  17. Overall Score Description for 18 Categories: The three categories with the lowest average scores, all rated at level D, are charity crowdfunding, aerial photography and smart parking. Smart parking APPs meet the complaint mechanism standard, but are scored 0 in security and maintenance and have the lowest scores for personal information collection, deletion, transfer and alteration. Aerial photography APPs and charity crowdfunding APPs rank lower due to their low scores for Policies' form and processing period. Overall, the main reasons these APPs get low scores are that they lack satisfactory Policies and have not realized the importance of personal information protection compliance, which means there is much room for these APPs to improve.

  18. Score for 100 APPs

  19. Grade Distribution of 100 APPs. Notes: Data collection for this report is based on enterprises' Policies that were active between November 1, 2018 and November 17, 2018. For the sake of fairness, any modified, updated and improved content in Policies after this period shall be included in the next assessment year. This is hereby certified.

  20. Overall Score Distribution: Among the 100 APPs evaluated this time, five APPs are at level A with “excellent” performance; 35 APPs are at level B with “good” performance; 31 APPs are at level C with “average” performance; and 29 APPs are at level D (including three sub-levels: D+, D, D-) with “unsatisfying” performance. Overall, the “excellent” rate for the 100 APPs tested is quite low. 60% of the APPs comply with the Policies only at a superficial level. The entire Internet industry still needs to improve its protection of personal information.

  21. Five APPs are at Level A (Excellent): Among the 100 APPs evaluated this time, only five APPs are at level A. These APPs are relatively complete in terms of the form and content of the Policies. Their feedback mechanisms are convenient and effective; they perform remarkably and meet the evaluation standards. (The scores of Alipay and Gmail have improved year after year; JD products perform excellently overall.)

  22. Thirty-five APPs are at Level B (Good): Among the 100 APPs evaluated this time, 35 APPs are at level B. The relevant policies of these APPs basically comply with the provisions of laws, regulations and national standards from four perspectives: the form of Policies; collection, deletion, transfer and alteration of personal information; complaint mechanism; and security and maintenance. However, due to the low scores in Policies' form and processing period, these APPs fail to reach the excellent level. With the introduction of the Personal Information Protection Law of the People's Republic of China and relevant judicial interpretations, these enterprises' compliance condition would be much better. (Tencent products are almost all at level B, good: (1) WeChat (B), Facebook (B); (2) Tencent Weiyun (B), iCloud (B); (3) WeBank (B), WeChat Pay (B), Apple Pay (C); (4) Booking (B) vs. Ctrip (B).)

  23. Thirty-one APPs are at Level C (Average): Among the 100 APPs evaluated this time, 31 APPs are at level C. The relevant policies of these APPs basically meet the compliance standards of this evaluation, but the form of the Policies and the effect of complaint feedback still need to be improved. The main reason why these APPs fail to be rated as level B is that they score low in Policies' form and processing period, which means that the related enterprises are not compliant enough in terms of the collection, deletion, transfer and alteration of personal information, and fail to protect users' right to informed consent. Therefore, these Internet enterprises should strengthen the protection of users' rights and interests such as the right to know, the right to consent, the right to change, the right to delete and the right to cancel. (Google Maps (C) vs. Baidu Maps (B).)

  24. Twenty-nine APPs are at Level D (Unsatisfying): Among the 100 APPs evaluated this time, 29 APPs are at level D (including three sub-levels: D+, D, D-) with “unsatisfying” performance. These APPs' Policies fail to protect users' right to know and right to consent according to relevant regulations in terms of Policies' form, processing period, complaint mechanism and other aspects. Among the 29 “unsatisfying” APPs, 13 APPs are rated “D+” and may rise to level C provided they improve Policies' form as well as security and maintenance. 12 APPs rated “D” score below average in terms of Policies' form and processing period. Four APPs are rated “D-”; these APPs neither provide rules regarding Policies' form, processing period, and security and maintenance, nor provide approaches for user complaints. Therefore, the Internet enterprises operating these APPs need to pay more attention to personal information protection compliance. (DJI drone vs. Ehangplay drone (D+).)

  25. Evaluation Summary of Recent Years 2014-2018

  26. Evaluation Summary of Recent Years 2014-2018

  27. Evaluation Summary of Recent Years 2014-2018: In 2014, the Evaluation Group selected 21 Internet APPs from Internet enterprises and evaluated their protection of users' personal information. Among the 21 APPs selected, the qualified rate of their Policies is less than half, and most of the enterprises lack provisions on a complaint mechanism. Meanwhile, very few enterprises set out provisions on security responsibility. Compared with foreign Internet enterprises, the Policies' provisions of enterprises in China are not standardized, and their awareness of the protection of users' personal information is weak.

  28. Evaluation Summary of Recent Years 2014-2018: In 2015, the Evaluation Group assessed the protection of users' personal information by 50 Internet APPs, covering 13 industries including integrated platform, financial management, email, instant messaging and travel/online taxi. Only 10 APPs reached the cutoff score (60 points), and merely three of them were domestic APPs. Compared with foreign Internet enterprises, the comprehensiveness and compliance level of domestic Internet enterprises' Policies are still at a growing stage.

  29. Evaluation Summary of Recent Years 2014-2018: In 2017, the Evaluation Group evaluated 79 Internet APPs, covering 13 fields including integrated social networking software, instant messaging, online taxi, travel, cloud storage, online video, and express delivery. Cloud storage, map navigation and instant messaging rank as the top three among the 13 industries in terms of average scores. The overall scores of the various Internet APPs have improved compared with previous years, but overall performance is still not satisfying.

  30. Evaluation Summary of Recent Years 2014-2018: In 2018, the Evaluation Group evaluated 100 Internet APPs, covering 18 industries including online shopping, browser, social networking software and so on. The evaluation result shows that relevant enterprises have made great progress in personal information protection this year, and most of the Internet APPs are in compliance with relevant laws. This indicates that Internet enterprises are improving their privacy protection level.

  31. PART 03 • Comparison of Personal Information Protection of APPs in and out of China • Ratings of 20 Foreign Internet Products

  32. Overall Scores for 20 Extraterritorial APPs

  33. Overall Scores for 20 Extraterritorial APPs

  34. Overall Scores for 20 Extraterritorial APPs: Among the 20 extraterritorial APPs in this evaluation, 2 are at level A with “excellent” performance; 7 are at level B with “good” performance; 9 are at level C with “average” performance; and 2 are at level D with “unsatisfying” performance. Overall, these APPs score well in privacy policies.

  35. Comparison of Overall Average Score for APPs in and out of China: The scores of APPs in China are very close to those of APPs outside China, and the overall evaluation scores of APPs in and out of China differ little.

  36. Comparison of Overall Average Score for APPs in and out of China: In terms of Policies' form, intraterritorial (domestic) APPs are more in line with the evaluation criteria and therefore score relatively higher.

  37. Comparison of Overall Average Score for APPs in and out of China: In terms of processing period (mainly involving the collection, deletion, transfer and alteration of personal information), extraterritorial APPs perform better, and these operators pay more attention to protecting users' personal information rights.

  38. Comparison of Overall Average Score for APPs in and out of China: In terms of complaint mechanism, since the feedback effect of extraterritorial APPs after a user complaint is mediocre, the intraterritorial APPs' score on this item is higher than that of extraterritorial APPs.

  39. Comparison of Overall Average Score for APPs in and out of China: However, the average scores of extraterritorial APPs in terms of security and maintenance mechanism are higher, indicating that the operators of intraterritorial APPs need to further strengthen the construction of their security and maintenance mechanisms.

  40. Evaluation of the Average Score for Policies' Form in and out of China. Policies' form: DJI drone vs. Ehangplay drone (D+), both with the lowest scores on the Policies' form index.

  41. Evaluation of the Average Score for Processing Period in and out of China. Processing period: MS Office 14/18 points vs. WPS Office 8/18 points; Microsoft performs better.

  42. Evaluation of the Average Score for Complaint Mechanism in and out of China. Complaint mechanism: Booking and Airbnb full marks 4/4 vs. Qunar 2/4 and Mafengwo 1/4; Google Maps 0 points vs. Baidu Maps full marks 4/4.

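  43. Evaluation of the Average Score for Security and Maintenance in and out of China. Security and maintenance mechanism: DJI drone vs. Ehangplay drone (D+); social networking software both in and out of China scores full marks on this index.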

  44. PART 04 • Legal Analysis

  45. Existing Problems: 1. The Dilemma of Personal Information Legislation in China; 2. Lack of Normalized Law Enforcement Mechanism; 3. Mediocre Performance of Enterprise Compliance; 4. Challenges Brought by Strict Legislation in the EU and the US

  46. Suggestions for Improvements: 1. Constructing a Systematic and Comprehensive Legislative System; 2. Establishing Normalized Administrative Law Enforcement Mechanism; 3. Promoting the Compliance Level of Enterprises; 4. Collaborative Promotion by Third Party Assessment Institutions

  47. PART 05 • Special Statement

  48. Explanations and Statements: In order to fully express the related concepts and opinions, this report refers to the names, products or services of some enterprises, and such reference shall not indicate any intention to recommend any enterprises or products. Adopting an academically neutral attitude, this report only evaluates the Policies published on the enterprises' websites and users' experience of the privacy or personal information settings. The evaluation result is not to be considered a comprehensive judgment of the privacy and personal information protection level of the related enterprises. Specifically, this report does not cover at least the following aspects (including but not limited to): (1) enterprises' actual implementation of their Policies at the technical level, for example, whether the APPs provided actually follow the texts of the released Policies; (2) the compliance level of enterprises' Policies in various countries or regions, for example, whether the Policies meet the mandatory minimum requirements of each country. Information that is not publicly available (such as enterprises' product positioning and future development strategy, information security technology means, internal information management systems) and content not presented in the text of the Policies are likewise not evaluated in this report. In addition, data collection for this report is based on enterprises' Policies that were active between November 1, 2018 and November 17, 2018. For the sake of fairness, any modified, updated and improved content in Policies after this period shall be included in the next assessment year. This is hereby certified.
