The Office of the Privacy Commissioner today (12th) released a survey report on the privacy design of social media. It examined 10 of the most commonly used social media programs in Hong Kong, including Facebook, Instargram, Whatsapp, and WeChat, and found that the relevant programs can collect up to 19% of personal data. species, of which Facebook and Instargram are the most.
Individual programs also collect user location data, and the program's privacy policy also states that the information collected will be transferred to its affiliates.
As for communication security, WeChat is the only communication software among the media surveyed this time that does not use end-to-end encryption when users send messages; LINE does not provide two-factor authentication.
The PCPD reminds users that personal data disclosed on social media may be used for "bottoming", cyberbullying, phishing, or even other illegal acts.
The Privacy Department made six major recommendations to social media, including proactively addressing "bottoming," data extraction or other illegal practices, and restricting how users are searched.
The Office of the Privacy Commissioner released the "Review of Social Media Privacy Settings" report, which examines the ten most commonly used social media in Hong Kong, including facebook, facebook messenger, Instagram, Whatsapp, WeChat (WeChat) and YouTube.
(File photo/Photo by Lin Ruoqin)
The Office of the Privacy Commissioner released the "Review of Social Media Privacy Settings" report, which examines the ten most commonly used social media in Hong Kong, including Facebook, Facebook messenger, Instagram, Whatsapp, WeChat (WeChat) and YouTube. There are various types of personal data, as many as 12 to 19, and will collect the user's location data (whether it is the user's precise or rough location), and most social media will store the user's credit card information.
The report also pointed out that of the instant messaging software reviewed, only WeChat did not use end-to-end encryption when users send messages; as for account security, only LINE did not provide two-factor authentication.
Only Skype and YouTube presets hide user age and phone number
In terms of default privacy settings, Skype and YouTube both hide the user's age and phone number by default, while other social media that are reviewed default to disclose the user's age, location, email address or phone number, etc.
However, users of Facebook, LINE, WeChat and YouTube can post content to specific audiences or by preset groups, and can modify the privacy settings of the content after posting.
In addition, 10 media have drawn up privacy policies and stated that users' personal data will be transferred to their affiliates, whether users can easily understand the privacy policies, and the report believes that the privacy policies of Twitter, WeChat and YouTube are easy to read The social media with the highest score and less than full score are mainly due to the lack of pictures, tables or short videos to assist in explaining the privacy policy, while Twitter does not provide a Chinese version of the privacy policy. Users who do not understand English may have difficulty understanding how social media deals with personal Data Policy.
The Office of the Privacy Commissioner examines the top ten most used social media in Hong Kong, including facebook, facebook messenger, Instagram, Whatsapp, WeChat (WeChat) and YouTube.
Zhong Liling: Users need to be more vigilant when using social media
The Privacy Commissioner for Personal Data, Chung Lai-ling, reminded that when the public uses social media, there may be risks of personal data being abused, captured or exposed to the outside world. After being compiled by others, the public personal data can be used as a "bottom", "cyber-bullying" or "Phishing", and other illegal acts, cause users to suffer property damage and even physical or psychological harm.
She called on users to be more vigilant when using social media to reduce the risks posed by personal data.
Zhong Liling reminded that public personal data can be used for "bottoming", "cyberbullying" or "phishing" after being compiled by others, as well as other illegal activities.
(file picture)
The department said it has sent the report to various social media operators and provided six recommendations, including:
1. It should continue to adopt "Privacy Design" to improve its services, and provide users with more privacy-related functions to increase users' choices;
2. Avoid collecting personal data beyond the needs of the services provided;
3. Formulate a clear and easy-to-understand privacy policy, the words should not be vague and general, and use layered display, or use pictures, tables or short videos to assist in the explanation, so as to increase the readability of the privacy policy;
4. The location should not be The
tracking function is enabled by default;
5. End-to-end encryption and two-factor authentication functions should be provided to strengthen the protection of users' personal data
6. Actively respond to "bottom-up", "data capture" or other illegal behaviors to limit search user's way.
The department also made eight recommendations to social media users:
1. Before registering an account, carefully read the privacy policy of social media, open an email account specially designed for social media, and provide only necessary personal information;
2. Check the default security or privacy settings of social media, and The way individual social media searches for users, hide personal information and set the highest privacy authority;
3.
If you do not need to use the location tracking function in the device, consider turning off the relevant function;
Select the appropriate settings;
5. Before choosing instant messaging software, pay attention to whether the relevant software provides end-to-end encrypted transmission technology to enhance the confidentiality of transmitted data;
6. Use strong passwords and enable the two-factor authentication function of social media, To strengthen account security;
7. Try to avoid social media transactions under public Wi-Fi or unsecured Wi-Fi connections to reduce the risk of credit card data leakage;
8. Parents/guardians may consider enabling parental control functions , reminding children of the consequences of excessive disclosure or sharing of personal data
Vaccine Pass|Written by the Privacy Commissioner: Complying with the Privacy Ordinance Requires Encrypted QR Codes Personal Information Protection Law|Written by the Privacy Commissioner: Hong Kong Enterprises Need to Know and Follow the Privacy Commissioner's First "Unleashed" Arrest31 Man arrested in money dispute
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/6YC4LHNTEJCMDKANSWSMMIFMEM.jpg)
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/IAJ2IEL4MDY63GWO7GER2AP22E.jpg)