隱私保護政策是應對移動健康市場中個人信息濫用及泄露問題的核心舉措,現有研究對健康APP中隱私保護政策的關注較少,缺乏面向健康APP隱私保護政策文本的專門解讀。文章以5類代表性健康APP為例,以《信息安全技術個人信息安全規范》為框架,對其隱私保護政策進行內容分析。研究發現:我國個人信息保護政策未明確違規處罰措施;健康APP的隱私保護政策多數未達到個人信息安全的規范標準;健康APP企業較少設立單獨的用戶隱私團隊或部門;未成年信息保護是國內健康APP隱私保護政策中的薄弱環節。應制定面向隱私權保護的系統性法律法規,確保隱私保護政策法律法規的底層實施,構建企事業單位隱私保護組織與制度,細化未成年隱私保護政策。

Privacy protection policy is the core measure to deal with abuses and disclosure of personal information.However,existing studies do not pay sufficient attention to privacy protection in health apps and there is a lack of research on related policies.Taking representative health apps as examples,this study analyzes the contents of privacy protection policies based on Information Security Technology-Personal Information Security Specification.It is found that privacy protection policies in China do not specify the penalties for violation.Most policies do not meet the personal information security standards.Health app companies rarely have separated data privacy teams or departments.Protection of underage personal information is also weak today.In addressing these problems,there are needs to formulate systemic laws for privacy protection,ensure related policies and regulations be implemented,facilitate setting up privacy protection departments and systems in enterprises and institutions,and strengthen privacy protection policies for the underage.