电子商务环境下个人信息安全危机与法律保护对策探析

消费者个人信息对于传统营销模式向精准营销的转变具有决定性作用,这也决定了消费者个人信息非凡的商业价值。然而当前我国电子商务环境下个人信息的收集与使用存在大量安全隐患,消费者在强大的网络技术面前显得毫无隐私可言,这就需要不断完善我国网络环境下的个人信息保护的法律制度,维护网络消费者合法权益,保障电子商务产业的健康发展。     

论电子商务中消费者权益保护的法律完善

随着网络的迅速发展,传统的有形市场逐渐被网络空间所代替。这一新的市场环境,无论对个人的消费还是企业的经营方式都产生了巨大的影响。目前,电子商务中的消费者权益保护存在着诸多问题、电子商务网站也存在不少缺陷,解决网上消费者问题应采取相应的法律对策。     

电子商务环境下市场营销的变化

电子商务逐渐改变了传统的商业营销模式,本文从营销环境、消费者需求、电子商务对现代企业的影响三方面论述了企业必须有针对性的与时俱进才能把握未来的发展。     

电子商务中消费者权益保护问题之法律探析

保护消费者权益正日益成为一个国际性的运动,成为新的世界潮流,我国亦是如此。随着Internet的迅速发展,传统的有形市场逐渐被网络空间所代替。这一新的市场环境,无论对个人的消费还是企业的经营方式都产生了巨大的影响。目前,电子商务中的消费者权益保护存在着诸多问题、电子商务网站也存在不少问题,解决网上消费者问题应采取相应的法律对策。     

电子商务与消费者权益保护

本文首先分析了我国电子商务发展与消费者权益保护中存在的问题,然后介绍了美国、日本、韩国等在电子商务中保护消费者权益的有关法律法规和主要做法,最后对我国在电子商务发展过程中保护消费者权益方面提出了建议。     

电子商务中的消费者权益保护问题研究

电子商务以因特网为交易平台,而网络空间开放性、无国界的特点突破了传统商务在时间和空间上的限制,使电子商务获得了空前发展。但是电子商务发展过程中出现的种种损害消费者权益的情形给现行消费者权益保护法律带来了严峻挑战,也阻碍了电子商务的发展。在对电子商务背景下消费者权益保护中出现的问题进行深入分析的基础上,试图构建电子商务中的消费者权益保护体系,以期对相关立法有所裨益。     

国际电子商务环境下消费者权益的法律保护

国际电子商务是建立在经济全球化背景下的国际贸易活动,消费者权益保护是当中极其重要的内容,保护国际电子商务环境下消费者的合法权益,是网络经济背景下稳步发展国际电子商务的希望之路.本文从国际电子商务的特征出发,通过对目前国际电子商务环境下消费者权益保护存在的主要问题进行分析,针对性地提出了加强国际电子商务中消费者权益保护的战略性对策,以供读者参考.     

浅谈电子商务中消费者权益保护法律问题

电子商务在给消费者带来更便捷和经济服务的同时，也产生了对消费者权益保护不周的问题，本文试从电子商务给消费者权益保护带来影响角度出发，提出相关法律上的建议。     

电子商务中消费者权益保护的现状分析

随着当今信息社会的发展,人与人之间的信息交流范围也日益广泛,致使一种新兴事物——电子商务的出现.现如今,电子商务已融入了我们的生活,成为了我们生活必不可少的一部分,而网络中侵害消费者权益的现象也时有发生,面对此种现状,探索电子商务中消费者权益保护也成为当下学者的热议话题.本文在界定电子商务的基础之上,立足于电子商务立法的现状,提出当前法律规定的不足之处,以便更好的提出电子商务中消费者权利保护的完善措施,最终建立完善的电子商务消费者权益保护体系,保护消费者的合法权益.     

电子商务消费者权益保护的问题探讨

目前电子商务发展势头猛进,大有取代传统商业之势。但是与传统的商业交易相比,电子商务有其自身的特点,在这其中,消费者的权益保护也呈现出新的特点,如何在确保电子商务经济不断进步的同时,又有效保护消费者的正当权益,文章针对这一问题展开讨论,分析了电子商务消费者权益保护问题。     

大数据背景下个人生物识别信息安全的法律规制

个人生物识别信息具有个人数据的唯一性、程序识别性、可复制性、损害的不可逆性及信息的关联性等特征。在大数据背景下,个人生物识别信息的广泛应用会带来严重的生物信息安全风险,其滥用可造成隐私权、平等权和财产权等权益受到侵犯,需要立法进行全方位规制。我国目前个人生物信息的相关立法存在总体位阶较低且内容分散、保护范围狭窄、权利义务边界不清、法律责任不明晰等缺陷,应当采取渐进式专门立法的思路,完善现有相关部门法关于个人生物信息的规制内容,构建层次分明、内外协调的个人生物识别信息安全保护的法律体系。     

The future of consumer data protection in the E.U. Re-thinking the “notice and consent” paradigm in the new era of predictive analytics

The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent.     

Singapore's Personal Data Protection legislation: Business perspectives

As global digitalisation of information and interconnecting technologies along with new marketing practices and business processes vastly increase the opportunities for data collection, storage, usage and delivery, there is a corresponding increase in consumer expectations of data privacy. These expectations must be met if business organisations are to promote consumer trust and confidence and maintain their overall competitiveness in a global market. It goes without saying that information is the most valuable business asset and “privacy is good business and information can be the basis of bigger business”. The need to protect data privacy has long been recognised and implemented by major trading nations. Surprisingly, Singapore as a financial centre and nation aspiring to be a trusted data hosting hub has been slow in enacting specific data protection laws. The first piece of legislation that has emerged is a light-touch baseline framework applicable to all organisations except the public sector. This article considers the new legislation from the business perspective and the implications for private sector business organisations facing the challenges of compliance.     

论服务责任--以消费者权益保护法为中心

现行的<消费者权益保护法>将服务责任与产品责任并列规定,但由于产品责任有<产品责任法>相配合,因此解释适用上没有什么疑义,而服务责任在构成要件、法律效果、抗辩事由等问题上并没有太明确的规范,尤其是在归责原则方面值得从立法政策上重新检讨,针对上述问题应重新审视我们现行的法律并做出相应的修正.     

Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

Information asymmetries: recognizing the limits of the GDPR on the data-driven market

Online search engines, social media platforms, and targeted advertising services often employ a “data-driven” business model based on the large-scale collection, analysis, and monetization of personal data. When providing such services significant information asymmetries arise: data-driven companies collect much more personal data than the consumer knows or can reasonably oversee, and data-driven companies have much more (technical) information about how this data is processed than consumers would be able to understand. This article demonstrates the vulnerable position consumers continue to find themselves in as a result of information asymmetries between them and data-driven companies. The GDPR, by itself, is in practice unable to mitigate these information asymmetries, nor would it be able to provide for effective transparency, since it does not account for the unique characteristics of the data-driven business model. Consumers are thus faced with an insurmountable lack of transparency which is inherent in, as well as the inevitable consequence of, the magnitude of the information asymmetries present on the data-driven market.     

个人健康医疗信息和隐私权保护

Personal health care and medical treatment information are both personal information which can be used as a sign to identify each individual. Such information shall be under the control of the owner. The comprehensiveness of personal health care and medical treatment information makes it more valuable than the simplex personal information. The controlling right of personal health care and medical treatment information is irretrievable once deprived. The rights of controlling, managing and using regarding personal health care and medical treatment information can be separated appropriately. The right of privacy is an independent personality right. For the protection of public interests, the right of personal privacy shall be appropriately limited. Meanwhile, the government shall be responsible for the protection of personal health care and medical treatment information. Tang Xiaotian is a professor and supervisor in charge of the development and planning division of Shanghai University of Political Science and Law, and deputy General Secretary-in-chief of the Society of Law of Shanghai, whose main studies is focused on victim science, criminal law and criminology. Till now, he has 8 monographs and over 90 articles published in academic journals.     

The security of access to accounts under the PSD2

The revised Payment Services Directive (‘PSD2’) has been adopted to stimulate the development of an integrated internal market for payment services. In particular, it facilitates payment initiation services and account information services by granting the providers of these services access to the accounts of the payment service users. At the same time, the recitals state that the PSD2 guarantees a high level of consumer protection, security of payment transactions and protection against fraud.This paper answers the following question: To what extent does the access to accounts of the payment initiation service providers and account information service providers balance the development of the market for payment services with the security of the payment account and the privacy of the user? An analysis of the PSD2 shows that the development of the market for payment services has a higher priority. Security and privacy are ultimately subordinate.First, the PSD2 does not adequately protect the personal data of the users. The definition of ‘account information service’ is broad and covers a wide range of services. This allows the payment service providers to circumvent the limitations of the access to accounts.Next, the payment service providers have a ‘fall back option’ that allows ‘screen scraping’ if the dedicated interface is not functioning properly. Although this access is constrained by several safeguards, the fall back option gives the payment services provider unlimited access to the account of the user.Finally, the payment service providers have considerable freedom to arrange their authentication process as they see fit. The banks seem to be required to trust this process. The PSD2 and regulatory technical standards do not demand that a bank is able to verify the authentication or the integrity of the payment order.     

PERSONAL DATA PROTECTION: RETHINKING THE REASONS,NATURE, AND LEGAL FRAMEWORK

This paper rethinks the reasons for and the nature and means of personal data protection. The reasons for personal data protection are that it could promote the fairness and effectiveness of information flow, help individuals develop their independent personality, and equip them to deal with risks. With respect to the nature of personal data, this paper argues that such data should not be perceived from a purely individualistic point of view. Rather, there should be a contextualized understanding of the data, which considers the appropriate information flow of personal data within a particular context. Regarding the legal framework of personal data protection, this paper suggests that consumer protection law and public law are better equipped to protect personal data than tort, contract, or property law.     

Regulating mobile advertising in the European Union and the United States

Mobile advertising is a gradually developing component of the marketing mix that includes advertisements directed to or accessed on consumers' mobile devices. Growing concerns about the protection of the consumers' personal data are being raised since mobile advertising may become an extremely intrusive practice in an intimate personal space. Approaches of protecting the consumers' personal information differ greatly throughout the world. This article contrasts the regulatory environment in the European Union and in the United States applicable to the consumer's privacy and personal data used for mobile advertising purposes while also examining the effectiveness of each of these approaches.