Digital technologies, especially contact tracing apps, have been crucial in monitoring and tracing the transmission of COVID-19 worldwide. China developed health code apps as an emergency response to the pandemic with plans to use them for broader public health services. However, potential problems within privacy policies may compromise personal information (PI) protection.
We aimed to evaluate the compliance of the privacy policies of 30 health code apps in the mainland of China with the Personal Information Protection Law (PIPL) and related specifications.
We reviewed and assessed the privacy policies of 30 health code apps between August 26 and September 6, 2023. We used a 3-level indicator scale based on the information life cycle as provided in the PIPL and related specifications. The scale comprised 7 level-1 indicators, 26 level-2 indicators, and 71 level-3 indicators.
The mean compliance score of the 30 health code apps was 59.9% (SD 22.6%). A total of 13 (43.3%) apps scored below this average, and 6 apps scored below 40%. Level-1 indicator scores included the following: general attributes (mean 85.6%, SD 23.3%); PI collection and use (mean 66.2%, SD 22.7%); PI storage and protection (mean 63.3%, SD 30.8%); PI sharing, transfer, disclosure, and transmission (mean 57.2%, SD 27.3%); PI deletion (mean 52.2%, SD 29.4%); individual rights (mean 59.3%, SD 25.7%); and PI processor duties (mean 43.7%, SD 23.8%). Sensitive PI protection compliance (mean 51.4%, SD 26.0%) lagged behind general PI protection (mean 83.3%, SD 24.3%), with only 1 app requiring separate consent for sensitive PI processing. Additionally, 46.7% (n=14) of the apps needed separate consent for subcontracting activities, while fewer disclosed PI recipient information (n=13, 43.3%), safety precautions (n=11, 36.7%), and rules of PI transfer during specific events (n=10, 33.3%). Most privacy policies specified the PI retention period (n=23, 76.7%) and postperiod deletion or anonymization (n=22, 73.3%), but only 6.7% (n=2) were committed to prompt third-party PI deletion. Most apps delineated various individual rights: the right to inquire (n=25, 83.3%), correct (n=24, 80%), and delete PI (n=24, 80%); cancel their account (n=21, 70%); withdraw consent (n=20, 60%); and request privacy policy explanations (n=24, 80%). Only a fraction addressed the rights to obtain copies (n=4, 13.3%) or refuse advertisement of automated decision-making (n=1, 3.3%). The mean compliance rate of PI processor duties was only 43.7% (SD 23.8%), with significant deficiencies in impact assessments (mean 5.0%, SD 19.8%), PI protection officer appointment (mean 6.7%, SD 24.9%), regular compliance audits (mean 6.7%, SD 24.9%), and complaint management (mean 37.8%, SD 39.2%).
Our analysis revealed both strengths and significant shortcomings in the compliance of privacy policies of health code apps with the PIPL and related specifications considering the information life cycle. As China contemplates the future extended use of health code apps, it should articulate the legitimacy of the apps' normalization and ensure that users provide informed consent. Meanwhile, China should raise the compliance level of relevant privacy policies and fortify its enforcement mechanisms.