In the current information age, personal information has become a similar or even more important resource with talents, funds and raw materials. However, with the rapid development of e-commerce, consumers' concerns about the lack of online privacy protection have gradually increased with the use of the Internet. On the one hand, the Internet has brought unprecedented speed to the collection and dissemination of personal information and created great space for the commercial use of personal information, but this double-edged sword also puts privacy in an awkward position.
(A) the status quo of consumer privacy in e-commerce environment
The right of network privacy refers to a kind of personality right that citizens enjoy the peace of private life, and private information is protected by law and cannot be illegally violated, known, collected, used and disclosed by others. It also means that it is forbidden to disclose some personal information on the internet, and protecting consumers' privacy is a prominent one. Because e-commerce is different from the traditional consumption mode, e-commerce operators often ask the counterparty to provide a lot of personal information during the transaction, and network operators can also use technical means to obtain more personal information of consumers.
First, the main content of consumer privacy protection in e-commerce environment
1. Privacy protection of personal data
Consumer's protected personal data mainly includes: specific personal information (name, gender, date of birth, ID number), sensitive information (including religious belief, marriage, family, occupation, medical records, income, personal experience), e-mail information, IP address, user name and password. Network operators must obtain the consent of the data subject, that is, consumers themselves, and use legal means to collect the above personal data. And ensure that the collected data shall not be used for purposes other than the prior statement of the network operator, and shall not be disclosed or transferred to a third party without the consent of consumers. The disclosure and publicity of personal data must also be approved by the data subject consumers.
2. Protect communication secrets and freedom of communication
Communication secrets and freedom of communication are constitutional rights enjoyed by consumers. E-mail is the most common means of communication in the network world, and the security of its content depends on the security of the mail server, the security of the mail transmission network and the security of the mail receiving system.
3. Protect the peace of personal life
Almost all online consumers have received a large number of unsolicited emails. It can be said that the amount of spam provided by operators is unbearable, which has aroused the resentment of consumers. A large number of unsolicited commercial e-mails have become a heavy burden on consumers.
2. The main forms of infringement of consumers' privacy rights in the e-commerce environment
According to the above discussion, in the e-commerce environment, consumers' right to privacy mainly includes the right to control personal information, the right to conceal personal affairs and the right to live in peace, among which the right to control personal information is the most fragile. This paper mainly deals with the forms of infringement of personal information control rights.
1, collect personal data at will. At present, e-commerce operators often collect and use consumers' personal information at will for their own business purposes or other specific purposes. The main way for e-commerce operators to collect consumers' personal information is IP tracking.
2. Deep development and utilization of personal data. Consumers have the right to control personal information, unless they are specially authorized by consumers or public institutions use personal information for public management needs, which constitutes infringement.
3. Illegal transfer of personal data. Improper use of personal data also means that personal data is illegally transferred without authorization. There are two main forms of personal data flow in e-commerce. One is that merchants exchange their collected information with each other or share information with partners. The other is to sell personal data as "information products" to a third person or transfer them to others for use.
Third, consumer rights in e-commerce environment.
1, the right to know, that is, when collecting and using consumers' personal information, network operators must clearly inform consumers of their identity, address and contact information. And tell them what the information collected is, what the content of the information is, what the purpose is, whether it will be shared with others, and the storage of the information.
2. The right to choose means that operators must obtain the consent of consumers before collecting personal data, otherwise they may not collect data.
3. Control right, consumers have control over the use of personal information, including deciding whether to disclose information, share it with third parties, and whether it can be transferred to third parties; Have the right to access personal data through reasonable channels, and have the right to modify and supplement wrong personal information; After the specific purpose of using personal data disappears or the use period expires, consumers have the right to request permanent deletion.
4. Right of security claim, consumers have the right to ask network operators to take necessary and reasonable measures to protect the security of customers' personal information. When the network operator refuses to take necessary measures and technical means to protect the personal information of customers on the network, consumers have the right to ask the operator to stop using it.
5. The right to claim compensation. When the privacy right of online consumers is infringed, consumers have the right to ask the operators to bear corresponding responsibilities, and should compensate according to law when losses are caused.
Four, corresponding to the rights of consumers are the obligations of operators, and the obligations of network operators are as follows:
1, the privacy policy must be clearly stated on the home page. Network operators need to inform consumers of their privacy policies, so that consumers can understand the operators' privacy policies and better protect their privacy rights.
2. The information content that operators can collect can be divided into personalized information and non-personalized information according to the degree of contact between information and individuals.
3. The purpose of personal data collection by operators requires that operators must clearly inform consumers of the purpose of personal data collection.
4. Obligation to protect consumers' personal data. Network operators should take appropriate steps and technical measures to protect the safety of consumers' personal data.
5. Operators are prohibited from enjoying consumers' personal data. Unless otherwise provided by law, an operator shall not provide a third party with the consumer's name, e-mail address and other personal data without the explicit consent of the consumer, and shall not share the consumer's personal data with other operators. Operators should explicitly prohibit the interconnection and comparison of data documents,
Verb (abbreviation of verb) The current situation of consumer privacy protection in e-commerce environment
At present, there are obvious differences among countries in the world in the way of protecting privacy. The United States, France, Germany and other countries adopt direct protection and recognize the right to privacy as an independent personality right. When personal privacy is infringed, the victim can file a lawsuit on the grounds of infringement of privacy. However, China does not recognize the right of privacy as an independent civil right through indirect protection, but regards it as an interest under the right of personality. When personal privacy is infringed, we can only ask for legal relief by virtue of the right of reputation or other personality rights.
Generally speaking, China's laws not only do not clearly stipulate the protection of privacy, but also protect personal dignity to the extent that it is forbidden to damage the reputation rights of citizens and legal persons. China's network privacy protection is basically in a state of law to follow. Therefore, for online consumers in our country, there is no new law to protect online privacy, nor can we resort to traditional privacy protection methods to protect personal online privacy.
(B) consumer privacy issues in the e-commerce environment
1. Lack of necessary industry self-discipline mechanism.
In order to protect the development of information industry, all countries have adopted prudent privacy protection policies. For example, in addition to legislation, the United States basically adopts industry self-regulation, such as TRUSTe privacy certification, BBBOnLine privacy certification, and P3P plan. There is no unified and self-disciplined trade association in China's network service industry, and the competition is still in disorder. In order to gain a dominant position in the competition, enterprises often take the form of malicious infringement. Many websites over-collect personal data and ask for personal ID number, address and other information when unnecessary.
2. The legal basis of privacy protection is weak.
There is no special law to protect personal privacy in China, and the provisions on citizens' privacy can be found in the Constitution, civil law, criminal law, civil procedure law and judicial interpretation in the Supreme People's Court. There is no direct and clear legislation on the protection of privacy in e-commerce in China.
3. The means of privacy protection is fragile.
In China, the right to privacy is indirectly protected through the protection of the right to reputation, although there are obvious differences between privacy and reputation. In the e-commerce environment, individuals often face many difficulties when seeking legal relief after their privacy rights are violated. The object of infringement is difficult to identify; Electronic evidence and burden of proof; Jurisdiction issues; Definition of responsibility and commitment of responsibility, etc. These problems also exist in traditional transactions, but in the e-commerce environment, the network has changed the traditional trading media and trading rules, and individuals are facing a more unfavorable situation than in the traditional environment, making these problems more prominent and difficult to solve, and there is a vacuum in the application of laws.
(3) Suggestions on improving the privacy protection of online consumers in China.
1. Determine the subject qualification for collecting personal data online.
At present, there is no legal guarantee for citizens' right to privacy in China, and the protection measures for personal data on the Internet are seriously lagging behind. Personally, the collection of personal data should first be standardized from the subject qualification. The common rule in the field of e-commerce is that network operators can collect personal data of customers or consumers for their own specific services or transactions. However, for some special industries, especially those closely related to personal data, whether they can be collected freely varies greatly from country to country. Personally, I think the practice of Taiwan Province Province is worth learning.
2. Establish the basic principles of personal data protection in e-commerce environment.
The development of e-commerce depends on users' trust in personal data security. Personally, the use of consumers' personal information should follow the following basic principles: ① Collect and use personal information according to law. ; ② Minimum principle. When business operators collect and use consumers' personal information for legitimate purposes, they should at least collect and use consumers' personal information on the premise of realizing the purpose. Using consumers' personal information beyond the necessary limit is an abuse of personal information, and the operator shall bear corresponding responsibilities; ③ The principle of explaining and informing consumers. Before collecting and using consumers' personal information, business operators shall explain to consumers the purpose of their collection and use. After collection and use, consumers shall be informed of the relevant situation; ④ The principle of ensuring the safety protection of consumers' personal information. Operators are obliged to take reasonable security protection measures for the collected data to ensure that consumers' personal information is not interfered by third parties.
3 science (teaching cases, papers, courseware, lesson plans) set exceptions or exemption clauses.
The development of Internet is inseparable from the rational use of personal data. There are contradictions and complementarities between "protecting privacy" and "ensuring information circulation". Therefore, it is decided that the basic human rights of citizens should not be violated, and privacy protection should not be an obstacle to the free flow of information, so as to play its economic value. Only by balancing the interests of the two can the law achieve "win-win" to the maximum extent. Therefore, when establishing the basic principles of personal data collection and use, we must scientifically set up exemption clauses (teaching cases, test papers, courseware and teaching plans).
4. Determine the right to privacy as an independent personality right.
Countries around the world pay more and more attention to the protection of personal privacy. Theoretically, the research on privacy and the protection of privacy in legislation and judicature are professional and integrated internationally. As a basic human right, the right to privacy should be an integral part of the independent personality right and the object of legal protection. Especially in today's increasingly popular Internet, people increasingly use the Internet as a tool for information transmission and exchange. This problem should attract the attention of the government, Internet service providers and netizens, and form a set of laws and enforcement mechanisms to protect network privacy in the whole society. Only in this way can human rights be complete and thorough.
5. Industry self-regulatory organizations should make corresponding provisions to guide industry self-discipline.
To strengthen the cultivation of network credit system, behavior self-discipline organizations have an unshirkable responsibility. Especially in the absence of effective legislative regulation of personal privacy on the Internet, industry self-discipline is an effective rule model, and even after the relevant laws are formulated, industry self-discipline still has important value and significance.
6. Strengthen international coordination.
Because the Internet is transnational, it needs international coordination to protect the right to privacy in the network and e-commerce, so that domestic laws can provide perfect privacy protection for domestic and foreign users, and at the same time, laws and institutions in other countries are needed to protect the right to privacy of domestic users. Therefore, it is necessary to improve the privacy protection system as soon as possible, coordinate with some corresponding countries, and put forward the requirements and standards for network privacy protection that everyone agrees with.