信息安全视域下智能家居App隐私政策合规性评价研究

Research on Privacy Policy Compliance Evaluation of Smart Home Applications from the Perspective of Information Security

智能家居通过收集个人信息提升用户的生活体验,但也存在着信息安全风险。对智能家居App隐私政策的合规性进行评价,量化分析其符合《网络安全法》《个人信息保护法》《信息安全技术个人信息安全规范》等法律法规的程度,对于完善隐私政策条款、保障用户信息安全具有重要的意义。依据相关法律法规等规范构建了合规性指标评价体系,选取35款主流智能家居App隐私政策为评价样本进行了测评研究。测评研究表明,智能家居App隐私政策合规性优劣不一,存在着个人敏感信息保护力度不足、个性化推送说明不详、个人生物识别信息的收集与使用未单独告知、信息处理相关人员管理培训缺失等问题。指出App运营方应从这些方面改进,增强隐私政策内容完备性,使其符合我国现行法律法规的规范,降低潜在的隐私风险。

Smart home enhances users’life experience by collecting personal information,but there are also informa-tion security risks.In order to improve the terms of privacy policy and protect users’information security,it is important to evaluate the compliance of smart home application privacy policy and quantitatively analyze its degree of compliance with laws and regulations such as Network Security Law,Personal Information Protection Law,Information Security Tech-nology Personal Information Security Specification.This paper constructs a compliance index evaluation system based on relevant laws and regulations,and selects 35 mainstream smart home applications’privacy policies as evaluation samples for evaluation research.The evaluation research shows that the compliance of smart home application privacy policy var-ies,and there are problems such as insufficient protection of personal sensitive information,lack of detailed description of personalized push,collection and use of personal biometric information not separately informed,and lack of management training for personnel related to information processing,etc.This paper points out that application operators should im-prove these aspects,enhance the completeness of the privacy policy content,make it conform to the norms of China’s cur-rent laws and regulations,and reduce potential privacy risks.