Recently, Xiaopeng automobile was fined 100000 yuan by Xuhui District market supervision and Administration Bureau. The reason for punishment is that the party concerned purchased 22 camera equipment with face recognition function and installed them in its stores, so as to count the number of people entering the stores and analyze the proportion of men and women, age, etc; From January to June this year, 431623 face photos were collected and uploaded. This behavior violates the law on the protection of consumers' rights and interests without the consent of consumers and without explicitly informing consumers of the purpose of collection and use. On the afternoon of December 14, techweb learned about the positive response of Xiaopeng automobile to this incident. Xiaopeng automobile said that the store in Shanghai hoped to improve the reception process and better serve customers in the store through the collection and analysis of store passenger flow and other data. However, due to lack of familiarity with the relevant legal provisions, it mistakenly purchased and used the products of a third-party supplier (youluoke) who violated the relevant legal provisions. Xiaopeng automobile fully obeyed the administrative punishment and made a deep reflection on the matter. At present, Xiaopeng's Shanghai store has taken the initiative to remove all collection equipment through internal self inspection and self correction before the inspection of Shanghai Municipal Bureau of supervision on March 18. The face data has been collected and analyzed by a third-party software provider, and all the data have been deleted. Xiaopeng automobile does not disclose or illegally use personal information. It only uses non personal related digital data such as passenger flow visits as a reference for its business status. Xiaopeng automobile said that it will strictly abide by the national provisions on the protection of consumers' personal information and ensure that the legitimate rights and interests of customers are not infringed. We apologize for the trouble caused to the public and customers by this incident. Honest and legal operation is the cornerstone of our business. We will standardize business behavior with practical actions, improve customer experience and provide safe and thoughtful services for consumers. Relevant regulations [forced face recognition by app? Account can't be cancelled? The country is going to do it] Beijing, November 14 (reporter Wu Tao) at present, the leakage of personal privacy information on the network occurs from time to time. App often forces users to authorize, otherwise they can't use it, and even "don't let face recognition, you can't enter your own community door". In the future, there will be rules to deal with these things. On the 14th, the state network information office issued a notice on the public solicitation of opinions on the regulations on the administration of network data security (Draft for comments) (hereinafter referred to as the draft for comments), which plans to strengthen the construction of data security protection capacity, ensure the orderly and free flow of data according to law, and promote the rational and effective use of data according to law. How to deal with personal information? The exposure draft points out that data processors shall not refuse to provide services or interfere with the normal use of services because individuals refuse to provide information other than personal information necessary for services. The picture comes from the screenshot of the regulations on the administration of network data security (Draft for comments). The exposure draft also points out that the consent to process personal information shall be applied to individuals according to the type of service, and general terms shall not be used to obtain consent; The processing of sensitive personal information such as personal biometrics, religious beliefs, specific identities, medical and health care, financial accounts and whereabouts shall be subject to the individual's separate consent. "When dealing with the personal information of minors under the age of 14, they shall obtain the consent of their guardians; they shall not force individuals to agree to deal with their personal information on the grounds of improving service quality, improving user experience and developing new products; they shall not obtain individual consent by means of misleading, fraud and coercion; they shall not be lured by binding different types of services, batch application for consent, etc Guide and force individuals to agree to batch personal information; It is not allowed to frequently ask for consent or interfere with the normal use of the service after an individual clearly expresses his disagreement. " In addition, when the user requests to terminate the service or log off the account, the data processor shall delete the personal information or anonymize it within 15 working days. It is worth noting that previously, app or community property forced users to face recognition. The exposure draft pointed out that if data processors use biometrics for personal identity authentication, they should conduct risk assessment on the necessity and security, and shall not use biometrics such as face, gait, fingerprint, iris and voiceprint as the only way of personal identity authentication, so as to force individuals to agree to collect their personal biometric information. Enterprises can't do these things In addition to the proposed personal information processing rules, the exposure draft also makes various requirements for data processors, pointing out that no individual or organization shall illegally sell or provide data to others when carrying out data processing activities; No data shall be obtained by stealing or other illegal means; It shall not infringe upon the reputation, privacy, copyright and other legitimate rights and interests of others. "Any individual or organization who knows or should know that others are engaged in the activities mentioned in the preceding paragraph shall not provide them with technical support, tools, procedures, advertising promotion, payment and settlement and other services." The data processor shall protect the data from disclosure, theft, tampering, damage, loss and illegal use, deal with data security incidents, prevent illegal and criminal activities against and use of data, and maintain the integrity, confidentiality and availability of data. "In case of data security incidents such as the leakage, damage and loss of important data or personal information of more than 100000 people, the data processor shall also report the basic information of the incident to the network information department at the municipal level divided into districts and relevant competent departments within eight hours of the security incident, including the amount, type, possible impact, disposal measures taken or to be taken, etc." The exposure draft points out that. In addition, the exposure draft regulates some "crawlers" on the Internet. If automatic tools access and collect data in violation of laws, administrative regulations or industry self-discipline conventions, affect the normal function of network services, or infringe upon the legitimate rights and interests of others, the data processor shall stop accessing and collecting data and take corresponding remedial measures. (Xinhua News Agency)