CN114580020B - Privacy compliance processing system, method, apparatus, storage medium, and program product - Google Patents

Privacy compliance processing system, method, apparatus, storage medium, and program product

Info

Publication number
CN114580020B
CN114580020B CN202210209839.0A CN202210209839A CN114580020B CN 114580020 B CN114580020 B CN 114580020B CN 202210209839 A CN202210209839 A CN 202210209839A CN 114580020 B CN114580020 B CN 114580020B
Authority
CN
China
Prior art keywords
privacy
information
user
authorization
personal information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210209839.0A
Other languages
Chinese (zh)
Other versions
CN114580020A (en
Inventor
刘纪雷
李成亮
于洁
逄志浩
马旭涛
高娜
邱爽
万永华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Youmeng Tongxin Beijing Technology Co ltd
Original Assignee
Youmeng Tongxin Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Youmeng Tongxin Beijing Technology Co ltd filed Critical Youmeng Tongxin Beijing Technology Co ltd
Priority to CN202210209839.0A priority Critical patent/CN114580020B/en
Publication of CN114580020A publication Critical patent/CN114580020A/en
Application granted granted Critical
Publication of CN114580020B publication Critical patent/CN114580020B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a privacy compliance processing system, a method, equipment, a storage medium and a program product, which comprises a server side and a privacy compliance component, wherein the server side is used for providing a privacy protocol editing page, acquiring privacy protocol information input by a provider of an application program in the privacy protocol editing page, the privacy compliance component is arranged in the application program, a user terminal provided with the application program is used for acquiring the privacy protocol information through the privacy compliance component and displaying the privacy protocol information and generating corresponding authorization information according to authorization operation of a user on at least part of the privacy protocol information and sending the authorization information to the server side, and the server side is also used for fixing the authorization information of the user, so that specialized privacy protocol information configuration and authorization fixing capability can be provided for a provider such as an enterprise client, the enterprise client is helped to prove that the application program accords with privacy compliance requirements, the operations such as privacy protocol editing and authorization information fixing and the like are effectively realized, and the processing efficiency and accuracy of privacy compliance are improved.

Description

Privacy compliance processing system, method, apparatus, storage medium, and program product
Technical Field
The present application relates to the field of data compliance, and in particular, to a privacy compliance processing system, a privacy compliance processing method, a privacy compliance processing device, a privacy compliance processing storage medium, and a privacy compliance processing program product.
Background
The rapid development of the internet makes the information exposure of users more and more serious, and related departments strengthen the requirement of meeting privacy compliance when acquiring the privacy information of the users for application programs.
In some technologies, the application program of the terminal can be successfully put on shelf through privacy compliance detection by applying flows of detecting, finding problems, applying rectification and the like. However, this method still has the risk that the privacy compliance requirements cannot be proved, and the steps are complicated and the customer experience is poor.
Disclosure of Invention
The embodiment of the application mainly aims to provide a privacy compliance processing system, a method, equipment, a storage medium and a program product, so as to solve the problem that an enterprise client is difficult to self-prove privacy compliance, improve the processing efficiency and accuracy of privacy compliance and improve the experience of the enterprise client.
In a first aspect, an embodiment of the present application provides a privacy compliance processing system, including a server and a privacy compliance component:
The server side is used for providing a privacy protocol editing page and acquiring privacy protocol information input by a provider of an application program in the privacy protocol editing page, wherein the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
The user terminal provided with the application program is used for acquiring the privacy protocol information through the privacy compliance component and displaying the privacy protocol information, generating corresponding authorization information according to the authorization operation of a user on at least part of the privacy protocol information, and sending the corresponding authorization information to the server;
The server is also used for fixing the authorization information of the user.
In a second aspect, an embodiment of the present application provides a privacy compliance processing method, where the method is applied to a server, and the method includes:
The method comprises the steps of acquiring privacy protocol information input by a provider of an application program on a privacy protocol editing page provided by the provider, wherein the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
The method comprises the steps of receiving authorization information sent by a user terminal provided with an application program through a privacy compliance component, wherein the authorization information is generated by the privacy compliance component according to authorization operation of a user on part of privacy protocol information, and the privacy compliance component is arranged in the application program;
and fixing the authorization information of the user.
In a third aspect, an embodiment of the present application provides a privacy compliance processing method, where the method is applied to a privacy compliance component, where the privacy compliance component is disposed in an application program, and a user terminal installs the application program, and the method includes:
The privacy protocol information is input by a privacy protocol editing page provided by a provider of an application program at a server, and comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
And generating corresponding authorization information according to the authorization operation of the user on at least part of privacy protocol information, and sending the corresponding authorization information to a server side so that the server side can fix the authorization information of the user.
In a fourth aspect, an embodiment of the present application provides an electronic device, including:
At least one processor, and
A memory communicatively coupled to the at least one processor;
Wherein the memory stores instructions executable by the at least one processor to cause the electronic device to perform the method of any of the above aspects.
In a fifth aspect, an embodiment of the present application provides a computer readable storage medium, where computer executable instructions are stored, and when executed by a processor, implement the method according to any one of the above aspects.
In a sixth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the method of any of the above aspects.
The privacy compliance processing system comprises a server side and a privacy compliance component, wherein the server side is used for providing a privacy protocol editing page, acquiring privacy protocol information input by a provider of an application program on the privacy protocol editing page, the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party, the privacy compliance component is built in the application program, a user terminal provided with the application program is used for acquiring the privacy protocol information through the privacy compliance component and displaying the privacy protocol information, corresponding authorization information is generated and sent to the server side according to authorization operation of a user on at least part of the privacy protocol information, and the server side is further used for fixing the authorization information of the user, so that specialized, simplified and unified privacy protocol information configuration and authorization fixing capability can be provided for an application program provider such as an enterprise client, the enterprise client cannot only help the application program to conform to privacy compliance requirements, compliance of the enterprise client is enhanced, compliance of the privacy compliance requirements can be improved, and the privacy compliance performance of the enterprise client can be improved, the enterprise client can also be realized smoothly, the privacy compliance performance of the enterprise client can be improved, and the privacy compliance performance of the enterprise client can be realized.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of a privacy compliance processing system according to an embodiment of the present application;
FIG. 3 is a schematic diagram of device interaction according to an embodiment of the present application;
fig. 4 is a schematic diagram of a privacy compliance process according to an embodiment of the present application;
FIG. 5 is an interaction diagram of a privacy protocol management, authorization and fixing according to an embodiment of the present application;
fig. 6 is a schematic flow chart of generating a privacy authorization string according to an embodiment of the present application;
fig. 7 is a schematic diagram of a privacy protocol editing page according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a personal information list editing page according to an embodiment of the present application;
FIG. 9A is a schematic diagram of a third party shared personal information list editing page according to an embodiment of the present application;
FIG. 9B is a schematic diagram of an editing page of an associated party sharing list according to an embodiment of the present application;
FIG. 9C is a schematic diagram of an edit page of an SDK shared manifest according to an embodiment of the present application;
FIG. 9D is a schematic diagram of an editing page of a partner shared list according to an embodiment of the present application;
FIG. 10 is a schematic diagram of an authorized popup editing page according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a pop-up button editing page according to an embodiment of the present application;
fig. 12 is a schematic diagram of a package authorization mode according to an embodiment of the present application;
FIG. 13 is a schematic diagram of a separate authorization mode per item provided by an embodiment of the present application;
fig. 14 is a flow chart of a privacy compliance processing method according to an embodiment of the present application;
fig. 15 is a flow chart of another privacy compliance processing method according to an embodiment of the present application;
Fig. 16 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
First, the terms involved in the present application will be explained:
CMP Consent Manage Platform, data compliance and certification management platform.
CMPSDK an SDK (Software Development Kit ) provided by CMP for access by application developers in enterprise clients is an implementation carrier of the present solution.
Third party SDK-third party SDK integrated in application program, the information of system or user can be collected in application program operation.
RCString A special character string is generated according to a certain algorithm, and related information such as user authorization operation and the like is recorded in a specific format, and is called a privacy authorization character string for short.
The abstract is an information with any length, which can be generated by calculating the information through an abstract algorithm (such as a one-way Hash encryption function), and whether the information is changed can be judged by comparing the abstract corresponding to the received information with the original abstract.
The process of uploading the abstract to the blockchain can be regarded as one blockchain transaction, the blockchain transaction number can be generated after one transaction, and one blockchain transaction uniquely corresponds to one blockchain transaction number, and the blockchain transaction number is the voucher. Information for the blockchain transaction may be obtained through the voucher.
The application scenario and the inventive concept of the present application are explained below.
With the continual emphasis of various industries on user privacy and the promulgation and landing of related legal documents, the compliance of the provided application program with privacy compliance becomes a very important legal requirement for enterprises. Related departments check and punish application programs on the market for many times, and even put the application programs off the shelf, and the related problems mainly include that user information is not obtained through user authorization, user information is obtained in a super business range, user information and purposes are obtained through a third party SDK which is not written in a privacy policy, and the like. The relevant legal regulations also state that "handling personal information infringes personal information rights and interests causing damage, the personal information processor cannot prove that he or she is not by mistake and should take infringement responsibility such as damage compensation. Accordingly, each business needs to ensure "self-certification serum" in terms of privacy compliance and privacy security.
In view of the above, the application provides a technical scheme for realizing privacy protocol disclosure, compliance collection and compliance use, and provides a service end and a privacy compliance component, wherein the service end can be deployed in the domain or cloud of a provider of an application program, so that the specialization and simplification of a privacy protocol configuration process can be realized, the privacy compliance component can be deployed in a user terminal, various data compliance and certification fixing capabilities are provided through the privacy compliance component, the related purposes and requirements of personal information protection are met, and the provider is helped to 'self-certify and clean' in the aspects of privacy compliance and privacy safety, and the compliance attribute of the provider is enhanced.
In an embodiment of the present application, the provider may be any client capable of providing an application program, and may be, for example, an enterprise client (such as a software development company), an individual client (a single developer), a team client (a team made up of multiple developers), or the like.
Alternatively, when the provider is an enterprise client or a team client, the specific person interacting with the server may be any person in the enterprise client or team client. For example, when a software development company is used as a provider, an application may be written or published by a developer in the company, and privacy policies or viewing authorization information may be entered by an operation and maintenance person.
For convenience of description, the embodiment of the present application is illustrated by taking a provider as an enterprise client.
Fig. 1 is an application scenario diagram provided in an embodiment of the present application. As shown in fig. 1, the present application provides a server and a privacy compliance component, where the component may be in the form of an SDK, that is, a privacy compliance SDK, an enterprise client may edit or store privacy protocol information through the server, in addition, an APP developed by the enterprise client may be built with a privacy compliance SDK, each user terminal installed with the APP may obtain privacy protocol information from the server through the privacy compliance SDK, a double list may be transmitted in the privacy protocol information, and the privacy protocol information includes a personal information list that the APP expects to collect and a personal information list that expects to share with a third party, so that a user may authorize personal information, the privacy compliance SDK may feed back authorization information to the server, and the server may secure the privacy protocol information and an authorization result corresponding to the user.
In the application process, if the APP or the third party SDK needs to acquire the personal information of the user, a corresponding authorization result can be acquired from the privacy compliance SDK, and the personal information can be acquired under the condition that the user agrees to authorization is determined. When any user questions or mentions litigation on the acquisition behavior of the APP, the authorization behavior of the user can be confirmed through the fixed evidence result of the server.
Optionally, the technical scheme provided by the application can be applied to any scene requiring privacy protocol disclosure and personal information authorization.
In the live field, a user can watch video content through live software, a third-party SDK can be arranged in the live software, the third-party SDK can be payment software, and the requirement that the user purchases goods from the live software through the third-party SDK is met. When the live software is used for watching video content, the live software can collect position information, voice information and the like of a user, and when goods are required to be purchased, the third party SDK can collect bill information, position information and the like of the user. Wherein the third party SDK is a software development kit provided by a third party vendor that implements a function of the software product.
Optionally, the server side can provide a privacy protocol editing page for an enterprise user providing the live broadcast software, and acquire privacy protocol information input by the enterprise client on the privacy protocol editing page, wherein the privacy protocol information comprises at least one of a personal information list which is expected to be acquired by the live broadcast software provided by the enterprise client and a personal information list which is expected to be shared with a third party, the application program is internally provided with a privacy compliance SDK, a user terminal provided with the live broadcast software is used for acquiring the privacy protocol information through the privacy compliance SDK and displaying the privacy protocol information, and generating corresponding authorization information according to authorization operation of a user on at least part of the privacy protocol information and sending the corresponding authorization information to the server side, and the server side is further used for fixing the authorization information of the user.
Specifically, the live broadcast software may include a live broadcast service program for implementing a live broadcast service, and further includes a privacy compliance SDK and a third party SDK, such as a payment SDK, where the privacy compliance SDK may be used to communicate with a server.
The server may be configured to provide a privacy protocol editing page to obtain privacy protocol information. The privacy protocol information may also be called a privacy policy, and may include a double list, where one list includes personal information that the live service program desires to collect, such as image information, audio information, address book, etc., and another list includes personal information that the live service program desires to share with a third party, such as billing information, location information, etc.
The user may authorize the double manifest, allow the live service program and the third party SDK to desire to collect at least some personal information, or not allow any personal information to be collected. The privacy compliance SDK can record and upload the authorization information of the user, and when the live broadcast service program and the third party SDK need to acquire personal information, the authorization information can be queried first and then acquired.
Through the scheme, specialized and simplified privacy protocol information configuration and authorization and certification fixing processes can be provided for enterprise clients in the live broadcast field, complicated development work is not required to be carried out by the enterprise clients through professionals, the enterprise clients can be helped to smoothly realize a series of operations such as privacy protocol editing and authorization information certification fixing, the application program is proved to accord with privacy compliance requirements, the client operation can be simplified, and the experience degree of the enterprise clients is improved.
In addition, the embodiment of the application can be applied to other fields, for example, in the field of film and television, a user can watch programs through film and television episode software, a third party SDK can be arranged in the film and television episode software, and the third party SDK can also be payment software, so that the requirement of the user for purchasing members or other commodities through the third party SDK is met. When the movie episode software is used for watching programs, the live broadcast software can collect address book information, position information, voice information and the like of users, and when goods are purchased, the third party SDK can collect bill information and the like of the users.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. In the case where there is no conflict between the embodiments, the following embodiments and features in the embodiments may be combined with each other. In addition, the sequence of steps in the method embodiments described below is only an example and is not strictly limited.
Fig. 2 is a schematic structural diagram of a privacy compliance processing system according to an embodiment of the present application. The privacy compliance processing system provided by the embodiment of the application comprises a server side and a privacy compliance component.
The server side is used for providing a privacy protocol editing page and acquiring privacy protocol information input by a provider of an application program in the privacy protocol editing page, wherein the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party.
The application program is internally provided with a privacy compliance assembly, and the user terminal provided with the application program is used for acquiring the privacy protocol information through the privacy compliance assembly and displaying the privacy protocol information, generating corresponding authorization information according to the authorization operation of a user on at least part of the privacy protocol information, and sending the corresponding authorization information to the server.
The server is also used for fixing the authorization information of the user.
Alternatively, the server may be software, hardware, or a combination of software and hardware. The server can conduct fixing through a mode that the credibility meets the requirements, for example, fixing through a blockchain. The server side can directly display the privacy protocol editing page to the provider, and can also send the privacy protocol editing page to the enterprise terminal for display to the provider.
Alternatively, the server may specifically be a privacy Compliance Management Platform (CMP) provided with an editor, based on which privacy protocol editing pages may be provided to the provider. The provider may operate through the enterprise terminal. The personal information list comprises personal information expected to be collected by the application program during running, and the personal information shared by the third party comprises personal information shared by the application program to the third party service, and the personal information can be collected through a third party SDK arranged in the application program and sent to the third party service, or can be directly sent to the third party service by a service end of the application program.
In the live broadcast field, the live broadcast software collects personal information of a user according to a personal information list, and the payment software arranged in the live broadcast software collects the personal information according to the personal information list shared by a third party.
In this embodiment, the server may display a privacy protocol editing page to the provider, where the provider edits privacy protocol information, such as editing a personal information list and a personal information list that is expected to be shared with a third party, so as to obtain privacy protocol information and store the privacy protocol information in the server. Optionally, the server may display a privacy protocol editing page to the provider when receiving a privacy protocol editing request sent by the provider. For example, when the server detects that the provider clicks on a preset website, the privacy protocol information editing page is displayed to the provider.
For the user terminal, an application program is installed in the user terminal, and a privacy compliance component is built in the application program. For example, a privacy compliance Component (CMPSDK) may be provided in the live software. The application program needs to acquire the authorization information of the user before acquiring the user information. Specifically, when the preset condition is met, privacy protocol information corresponding to the application program can be obtained on line from the server through the privacy compliance component and displayed.
Besides the method for acquiring the privacy protocol information from the server side on line by the privacy compliance component, the privacy protocol information corresponding to the application program can be prefabricated in the privacy compliance component in advance, so that the privacy protocol information can be rapidly displayed when the authorization information of the user needs to be acquired, and the display efficiency is improved.
After the privacy protocol information is displayed, the user can perform authorization operation on at least part of the privacy protocol information, and the server side can generate corresponding authorization information and send the corresponding authorization information to the server side. After the server side acquires the authorization information uploaded by the privacy compliance component, the authorization information can be uploaded to the block link, so that the authorization information is fixed.
Alternatively, the authorization information may be used to indicate whether the user is authorized to collect personal information in the privacy policy. The authorization information may be, for example, the user authorizing the collection of all personal information mentioned in the privacy policy, or the user refusing to collect all personal information, or the user authorizing the collection of part of the personal information.
In addition, the authorization information may further include other information such as a user authorization time. The authorization information may include 4 elements, namely a temporary identity of the user, an occurrence time, an authorization result and an identifier of corresponding privacy protocol information, where the identifier of the corresponding privacy protocol information may specifically be a credential of the privacy protocol information during uplink certification.
Optionally, when the provider is faced with the related litigation of the user, the provider can take the related information obtained from the blockchain as evidence to prove that the collection of the personal information of the user is performed according to the authorized operation of the user, so that the self-evidence serum of the enterprise is realized.
In summary, the privacy compliance processing system provided by the embodiment comprises a server side and a privacy compliance component, wherein the server side is used for providing a privacy protocol editing page and obtaining privacy protocol information input by a provider on the privacy protocol editing page, the privacy protocol information comprises at least one of a personal information list expected to be collected by an application program provided by the provider and a personal information list expected to be shared with a third party, the privacy compliance component is built in the application program, a user terminal provided with the application program is used for obtaining the privacy protocol information through the privacy compliance component and displaying the privacy protocol information, corresponding authorization information is generated according to authorization operation of a user on at least part of the privacy protocol information and is sent to the server side, and the server side is further used for fixing the authorization information of the user, so that specialized, simplified and unified privacy protocol information configuration and authorization fixing capability can be provided for an application program provider such as an enterprise client.
Fig. 3 is a schematic diagram of device interaction according to an embodiment of the present application. As shown in fig. 3, the interaction between the server, the user terminal, the enterprise terminal, the blockchain, and other devices may be optionally involved in the privacy compliance process. The method comprises the main processes that when privacy protocol information is generated, a server displays a privacy protocol editing page to an enterprise terminal, and acquires the privacy protocol information sent by the enterprise terminal. When the authorization information of the user is obtained, the server displays the privacy protocol information on the user terminal and receives the authorization information uploaded by the user terminal. When the authorization information is fixed, the server side sends the authorization information to the blockchain, and when verification is needed, the server side obtains the certificate from the blockchain. The server may be deployed in a machine room of an enterprise client, and may also provide a shared server in a manner of SaaS (Software-as-a-Service).
In the interaction process of the server side and the enterprise terminal, after the enterprise client generates and issues the privacy protocol information based on the privacy editing page, the privacy protocol information can be updated. When the enterprise client needs to update the generated privacy protocol information, the operation process is the same as the process of generating the privacy protocol information for the first time, and the version of the generated privacy protocol information is updated. When the server stores privacy protocol information edited by different enterprise clients, in order to realize differentiation, the server can acquire the identification information of the enterprise clients and store the identification information and the privacy protocol information correspondingly. For example, the identification information may be an application identification.
And for the interaction process of the server and the user terminal, the privacy compliance component in the application program displays privacy protocol information to the user when the preset condition is met. The preset condition may be, for example, a scenario in which user authorization information needs to be acquired. The scenario may be, for example, that the user opens the application program for the first time, or that the privacy protocol information is updated, or that the current time is up to a preset duration from the time when the authorization information was last acquired. The preset conditions can be set according to the requirements of enterprise clients.
In practical application, the privacy compliance SDK may determine the user ID when the user opens the application program for the first time, and obtain the latest privacy protocol information corresponding to the application program from the server, and display the latest privacy protocol information to the user in a popup window.
After the privacy protocol information is displayed, the user can perform an authorization operation on at least part of the privacy protocol information, and the authorization operation can sort out personal information which is collected by the application program for the user. The application is not limited to the platform of the application program, and the application program can cover various application terminals, such as Android, iOS, applets, web and the like.
For the interaction process of the server side and the blockchain, after the server side acquires the authorization information, the authorization information can be processed and sent to the blockchain. When authorization information needs to be verified, credentials may be obtained from the blockchain, and based on the credentials, a determination may be made as to whether the user is authorized to gather certain personal information. When the enterprise faces the related litigation of the user, the certificate can be acquired from the blockchain as evidence to prove that the acquisition of the personal information of the user is carried out according to the authorized operation of the user, so that the self-certification of the enterprise is realized.
In one or more embodiments of the present application, optionally, the server is specifically configured to generate, according to authorization information of the user, a corresponding digest, send the generated digest to a blockchain for storage, and obtain a credential corresponding to the digest returned by the blockchain, where the digest and the credential are used for the provider, the user, or a judicial institution to verify the authorization information of the user.
Alternatively, when the corresponding digest is generated according to the authorization information of the user, the digest may be generated according to anonymization processing performed by a message digest algorithm. Optionally, one authorization information corresponds to one digest. The message digest algorithm may be a single Hash encryption function by which a digest is generated from an authorized message.
Besides fixing the authorization information, the privacy protocol information can be fixed, the process of fixing the privacy protocol information is the same as the process of fixing the authorization information, namely, the privacy protocol information is processed through an information summarization algorithm to obtain a corresponding summary, the obtained summary is sent to a blockchain for storage, and a certificate returned by the blockchain is received.
The method comprises the steps that privacy protocol information, authorization information and summaries and certificates corresponding to the privacy protocol information and the authorization information can be stored in a server, when a user main body needs to verify, whether the summaries and certificates stored in the server are consistent with the summaries and certificates stored in a blockchain or not is judged, and when the summaries and the certificates are consistent with the summaries and the certificates, the authorization information corresponding to the summaries stored in the server is not tampered. The user principal may be a provider of the application, a user, or a judicial organization, among others.
Optionally, the authorization information and the privacy protocol information may be associated and verified, for example, privacy policy credentials may be added to the authorization information, so as to determine privacy policy information pointed to by the authorization information.
Through the scheme, the abstracts and the certificates can be stored in the server side and the blockchain, verification of the authorization information is facilitated based on comparison of the abstracts and the certificates at the two ends, and authenticity and credibility of the authorization event are guaranteed.
In one or more embodiments of the application, optionally, a third party SDK is built in the application program, the application program is used for inquiring whether the application program is authorized to collect the personal information by a user through the privacy compliance component before any personal information is collected, and if so, a personal information collection interface is called to collect the personal information.
The third party SDK is used for inquiring whether a user authorizes sharing the personal information with the third party through the privacy compliance component before any personal information is acquired, and calling a personal information acquisition interface to acquire the personal information if the user authorizes sharing the personal information with the third party.
Fig. 4 is a schematic diagram of a frame of privacy compliance processing according to an embodiment of the present application, where, as shown in fig. 4, a privacy compliance component may feed back authorization information of a user to a server by means of a privacy compliance string. After the user authorization, personal information collection can be performed. The personal information collected by the application program can be sent to the application program service for processing, specifically, the personal information can be collected by a service processing module in the application program, such as a live broadcast service processing module in live broadcast software, and then sent to the application program service, and the personal information collected by the third party SDK can be sent to the third party service for processing. The personal information sent to the application service may be personal information collected by a user authorized application, and the personal information sent to the third party service may be personal information authorized by the user to be shared with the third party. The application program service and the third party service are equivalent to a service end of an application program and a service end providing a third party function, and can be deployed on a server or a cloud.
Illustratively, while the user is viewing the live view, the live software may wish to gather personal information of the user, such as location information, in order to recommend nearby live views to the user. If the application program directly collects the position information of the user, there is a possibility that the information collection is not compliant. Based on this, when the application program first judges whether the user authorizes the collection of any personal information before the collection of the personal information.
Specifically, the application program can inquire whether the personal information is authorized from the server side by calling the related interface of the privacy compliance component, and when the authorization is confirmed, the application program service is realized by calling the personal information acquisition interface to acquire the personal information. For example, after collecting location information of a user, recommending a nearby live view to the user may be implemented.
For example, the query process may be that an application program or a third party SDK sends query request information to the privacy compliance component, where the query request information includes a user ID and personal information to be collected. The privacy compliance component sends the query request information to the server, the server obtains a corresponding authorized personal information list through the user ID, queries the authorized personal information list, judges whether the personal information to be queried exists in the authorized personal information list, and if so, sends preset characters to the privacy compliance component. The privacy compliance component sends authorized or unauthorized information to the application program, and executes corresponding actions according to the authorization condition.
Or the query process can also be that the complete authorization information, such as a privacy authorization character string, is obtained from the server through the privacy compliance component, an authorized personal information list is obtained through the privacy protocol information and the privacy authorization character string, whether the personal information to be collected exists in the authorized personal information list is judged, a query result is obtained, and the query result is sent to the application program. Or the privacy compliance component can be cached with complete authorization information, and when the query is performed, the query is directly performed through the cached information.
When the third party SDK needs to collect personal information, the privacy compliance component is also invoked to query whether the user is authorized to share the personal information with the third party. The implementation process is similar to the process of collecting personal information by the application program, and is not repeated here.
When the privacy compliance component determines that the sender of the query request is the third party SDK, the server obtains the corresponding personal information list shared by the authorized third party through the querying party and the user ID, and queries the personal information list.
In practical applications, the above-described query process may be performed each time an application or a third party SDK collects information during operation.
Through the scheme, the authorized personal information acquisition of the user can be confirmed when the application program and the third party SDK acquire the information, the personal information acquisition is guaranteed to be a compliance operation each time, the information compliance requirement is met, and the user experience is improved.
The following describes in detail how the privacy compliance component obtains privacy protocol information from the server and generates authorization information according to the user's authorization operations.
In one or more embodiments of the application, optionally, the privacy compliance component includes a renderer and a tracker.
The renderer is used for acquiring the latest privacy protocol information from the server after acquiring a request for opening the privacy compliance page or popup window, rendering and generating the privacy compliance page or popup window according to the acquired privacy protocol information, and determining personal information of a user, which agrees with authorization, in the privacy compliance page or popup window.
The tracker is used for generating a corresponding privacy authorization character string according to personal information of user checking approval authorization and sending the privacy authorization character string to the server side so that the server side can conduct fixed evidence according to the privacy authorization character string, and/or recording exposure events of privacy compliance pages or popup windows of the user terminal and checking actions of the user and sending the exposure events and the checking actions of the user to the server side so that the server side conducts statistical analysis on the exposure events and the checking actions corresponding to the application program.
Fig. 5 is an interaction diagram of management, authorization and fixing of a privacy protocol according to an embodiment of the present application. As shown in fig. 5, the renderer and tracker may be provided in a privacy compliance component and the editor may be provided in a server. The numbers in the figures represent the steps performed for the management, authorization and fixing of the privacy protocol.
The process of generating the privacy protocol information is (corresponding to step 1 to step 3 of fig. 5) that the enterprise client edits the privacy protocol information on line through an editor provided by the server. After editing the privacy protocol information, the privacy protocol information may be published to the server, and after performing the publishing action, the privacy compliance component may obtain the privacy protocol information from the server. In order to facilitate modification of privacy protocol information by enterprise clients, the privacy protocol information can be stored in a server in addition to issuing actions. The server side can fix the privacy protocol information after acquiring the privacy protocol information.
The process of displaying the privacy protocol information to the user is (corresponding to steps 4 to 7 of fig. 5) that the user sends a request for opening the privacy compliance page or popup window to the renderer, wherein the triggering condition for generating the request is a scene where the user authorization information needs to be acquired, such as opening the application program for the first time, and the foregoing parts are described in detail. When the renderer receives the request, a popup exposure event is recorded to the tracker, and the service end is convenient to carry out statistical analysis through the popup exposure event, so that enterprise clients know the agreement and rejection condition of the user on privacy protocol information. Meanwhile, the renderer can also send a request for pulling the latest privacy protocol information to the server. Alternatively, when the latest privacy protocol information is acquired, version information of the privacy protocol information may be compared, and the highest version of the privacy protocol information is determined as the latest privacy protocol information. The server side sends the latest privacy protocol information to the renderer, and the renderer renders the page after receiving the privacy protocol information so as to display the privacy protocol information to the user.
When the renderer pulls the latest privacy protocol information from the server, TYPESCRIPT may be used to indicate the format of the content of the privacy protocol. Optionally, the privacy compliance page or popup window can be displayed by a raw field representing text content of the privacy protocol popup window, a blocks field representing a two-dimensional array, two-dimensional data representing paragraph division and style division, each block representing a piece of content, a blocks field representing text content of a current element or a current position, a blocks field representing text style of the current element, a blocks field representing entity content of the current element, for example, a hyperlink form, the text content can be expanded into content such as pictures, videos, audios and the like, the text content and the entity content form rich text, and a settings field representing global style of the current rich text popup window can comprise information such as title content, color, button content, color and the like.
The authorization operation of the user is processed (corresponding to step 8 to step 10 in fig. 5) in such a way that the user can check the privacy protocol content on the page, and the user can check the personal information collected by the agreeing application program from the list. The renderer can determine personal information of approval authorization which is checked by the user after receiving the checked privacy agreement information. Meanwhile, the checking action can be recorded to the tracker, and the tracker can generate a privacy authorization character string after receiving personal information checked by the user. After the privacy authorization character string is obtained, the privacy authorization character string can be sent to the server side so as to realize that the server side can fix the privacy authorization character string.
Fig. 6 is a flowchart illustrating a process of generating a privacy authorization string according to an embodiment of the present application. As shown in fig. 6, the privacy protocol information may be stored in a tree structure, and when generating the privacy compliance string, configuration content of the tree structure may be read, tree structure nodes may be traversed, whether the nodes may be checked may be determined, and a node check state may be recorded when the nodes may be checked. After traversing all nodes, structured data can be generated and converted into intermediate state strings in binary format, the binary format strings are cut and segmented, the binary format strings are respectively converted into decimal format, the decimal format is converted into base64 coding characters, and RCstring (privacy compliance character strings) are assembled and generated. Therefore, the SDK can convert and encode the authorization information of the user to obtain the character string with a specific format, and the efficiency and the accuracy of data transmission are improved.
In addition, in order to facilitate enterprise clients to know the agreement and rejection condition of the user on the privacy protocol information, the tracker can record exposure events of the privacy compliance page or popup window of the user terminal, namely, the user can trigger the sequential recording action when seeing the privacy protocol. The tracker can also send the recorded checking actions of the user to the server, and the server can perform statistical analysis after receiving the exposure event and the checking actions. Specifically, the number of times of exposure events in a period of events and the number of times of user checking actions can be counted, and the proportion of the user agreeing to collect personal information in the period of time can be obtained. Furthermore, the authorization condition of a specific personal information can be analyzed, so that the setting efficiency and experience of enterprise clients can be improved.
In summary, by arranging the renderer in the privacy compliance assembly, the latest privacy protocol information can be acquired from the server, the instantaneity and accuracy of acquiring the privacy protocol information by the user are improved, the server is convenient to conduct fixed certificate operation by generating a privacy authorization character string through the tracker, and by counting exposure events and checking events, enterprise clients can conveniently analyze the operation of all users, and the efficiency and experience of the enterprise clients in statistical analysis are improved.
In one or more embodiments of the application, optionally, the tracker is further configured to:
When the renderer acquires personal information which is approved by the user and checked, the application program or the third party SDK is informed of the personal information which is approved by the user under the condition that a query request sent by the application program or the third party SDK is not acquired, wherein the query request is sent when the application program and the third party SDK need to acquire the personal information of the user.
Both the application and the privacy compliance component need to be initialized, but the initialization may not be serial, which may result in the user's personal information being collected when the application has been initialized. When personal information is collected, an application program or a third party SDK may send a query request to the privacy compliance component to confirm whether the user is authorized, but when the privacy compliance component is initialized for a long time, the query request sent by the application program or the third party SDK may be missed.
Based on the above, the application or the third party SDK is notified by the tracker in the privacy compliance component immediately after confirming the user's authorization. Wherein the tracker indicates confirmation of user authorization when it acquires personal information of user's approval authorization from the renderer. When the user authorization is confirmed but the query request sent by the application or the third party SDK is not received, the application or the third party SDK may be notified of personal information that agrees with the authorization. The situation that personal information cannot be collected in time due to the fact that an application program or a third party SDK is in a waiting state in a consistent mode and the privacy compliance component does not send authorized information can be avoided. The above procedure corresponds to step 11 in fig. 5.
By the aid of the process, the problem that the application program cannot collect personal information due to the fact that the privacy compliance assembly is too long in initialization time is avoided, and stability of the application program in collecting the personal information is improved.
And finally, after the server acquires the checking action of the user, the checking action is subjected to fixed evidence, and optionally, a corresponding abstract is generated according to the authorization information and is sent to a blockchain process. The above procedure corresponds to step 12 in fig. 5.
When privacy protocol information is generated according to the editing page of the privacy protocol, a text box, a button, a link and the like can be arranged in the privacy protocol editing page, so that enterprise clients can conveniently input the privacy protocol information.
In one or more embodiments of the present application, optionally, when the server side provides a privacy protocol editing page, the method is specifically used for when the provider of the application program obtains privacy protocol information input by the provider of the application program in the privacy protocol editing page:
The privacy protocol editing page is displayed to the provider through the provider terminal, wherein the privacy protocol information further comprises protocol content, and the privacy protocol editing page comprises a text box for inputting the protocol content, a button for adding a personal information list and a link of a personal information list example.
And responding to the operation of clicking the button on the privacy protocol editing page by the user, and displaying a corresponding personal information list editing page, wherein the personal information list editing page comprises at least one of personal information list names, descriptions and personal information tables.
And generating corresponding privacy protocol information according to the content input by the user on the privacy protocol editing page and the personal information list editing page.
The provider terminal may be a terminal device used by a provider, for example, when the provider is an enterprise client, the provider terminal may be a terminal device used by the enterprise client.
Fig. 7 is a schematic diagram of a privacy protocol editing page according to an embodiment of the present application. As shown in fig. 7, when the enterprise client edits the privacy protocol information by requesting, the server may present the privacy protocol editing page shown in fig. 7 on the enterprise terminal (terminal device of the enterprise client) so that the user edits the privacy protocol information on the page. The privacy protocol information may include privacy protocol content besides the double list, and the privacy protocol content may be notification content or guidance content for the user, for example, notifying the user how to collect personal information, how to operate the user for authorization, etc.
A text box can be set on the privacy protocol editing page so as to realize the input of the enterprise client on the privacy protocol content. Further, related buttons for setting fonts in the privacy protocol content, such as font style, font size, color, line height, word spacing and the like, are also arranged on the privacy protocol editing page. The setting of fonts by the user can be achieved by providing relevant buttons.
In addition, a button for adding the personal information list can be further arranged, when the enterprise client clicks the button, the server side can respond to the operation of clicking the button, and the editing page of the personal information list is displayed, so that the editing of the content for collecting the personal information under different scenes is realized.
Further, in order to improve the efficiency of editing the personal information list by the enterprise client, a link of the personal information list example can be set on the privacy protocol editing page, the personal information list example is displayed by clicking the link, and the personal information list can be quickly generated by referring to the personal information list example.
Fig. 8 is a schematic diagram of a personal information list editing page according to an embodiment of the present application. As shown in fig. 8, the edit page of the personal information list includes a personal information list name, a description, and a personal information table. The name of the personal information list is the name of privacy protocol information stored by the server, such as version one, version one and the like, so that the enterprise client can conveniently check the privacy protocol information.
The personal information table includes scene/business functions, personal information categories, and collection purposes. The scene/service function refers to a scene of collecting personal information, in the payment software, the scene/service function is a scene of user payment, transfer and the like, and the corresponding personal information type is bill information, so that the user can check the bill conveniently. And in live broadcast software, when the scene/service function is to view the nearby user, the corresponding personal information type is position information, so as to accurately recommend the nearby user to the user. The buttons for adding the scene/service functions can be arranged to realize the setting of personal information to be acquired under different scene/service functions. And a scene/service function can correspond to at least one personal information type and purpose, and a selection button for adding or not adding additional information can be arranged in the page.
Meanwhile, a button for adding the personal information list shared by the third party can be arranged on the privacy protocol editing page, and when the enterprise client clicks the button, the server side can respond to the operation of clicking the button to display the personal information list editing page shared by the third party, so that the editing of the contents of personal information required to be acquired by different third parties is realized.
Fig. 9A is a schematic diagram of a third party shared personal information list editing page according to an embodiment of the present application. As shown in fig. 9A, a list name, description, and personal information table are also included. The list names and descriptions are similar to those of the personal information list editing page, and will not be repeated here. The personal information table herein may include a third party name, a function type, an operator, a link address, personal information, a purpose, and the like.
In one or more embodiments of the present application, the list of personal information that the application desires to collect, and/or the list of personal information that the application desires to share with third parties, may optionally be more finely categorized according to relevant legal requirements and the actual needs of the customer.
By way of example, the personal information inventory that is desired to be shared with the third party may include at least one type of inventory of an associated party share inventory (also referred to as an associated APP inventory), an SDK share inventory (also referred to as an embedded SDK inventory), a partner share inventory (also referred to as a partner third party inventory). For details, reference is made to table 1.
Table 1 third party shared inventory example
Optionally, when the privacy agreement editing page is displayed to the enterprise client, examples may be provided for each type of personal information list, so that the enterprise client may edit for each type of personal information list. Accordingly, in the page shown in fig. 7, an example link to each type of manifest may be given, and a button to add each type of manifest may also be given.
Fig. 9B is a schematic diagram of an edit page of a related party sharing list according to an embodiment of the present application. Fig. 9C is a schematic diagram of an edit page of an SDK sharing list according to an embodiment of the present application. Fig. 9D is a schematic diagram of an edit page of a shared list of parties according to an embodiment of the present application.
As shown in fig. 9B to 9D, in the edit page of each type of manifest, the enterprise client is allowed to input a manifest name, a company name of each third party (the associated party or the SDK or the partner), a privacy protocol link, a shared information range (which personal information the APP is allowed to share to the third party), a purpose use, and the like.
When the user inputs or selects information on each editing page, privacy protocol information may be generated according to the input or selected content.
By setting the privacy protocol editing page and the personal information list editing page, a visual page can be provided for the enterprise client, and the enterprise client can conveniently input privacy protocol information. Meanwhile, the requirements of customers are met by providing specialized templates.
In order to improve the use experience of enterprise clients, a display interface for customizing the privacy authorization popup window can be further realized.
In one or more embodiments of the present application, optionally, the server is further configured to:
And displaying an authorized popup editing page to the provider of the application program through the provider terminal, wherein the authorized popup editing page is used for editing a privacy compliance page or popup displayed by a user side by the provider, and comprises a title, content, a link for inserting privacy protocol information in the content and an editing page of a button in the privacy compliance page or popup.
The privacy compliance component is further used for acquiring information input by the provider on the authorized popup editing page from the server after acquiring a request for opening the privacy compliance page or popup, and generating the privacy compliance page or popup according to the acquired information.
Fig. 10 is a schematic diagram of an authorized popup editing page according to an embodiment of the present application. As shown in fig. 10, when a request for editing an authorized popup sent by an enterprise client to a server is received, the server responds to the request and displays the authorized popup editing page to the enterprise client through an enterprise terminal. The authorized popup editing page is a visual editing page, and can be used for setting the popup style by enterprise clients. The popup content may be content specifically shown to the user in the popup, and the content may be set by the enterprise user according to actual needs, for example, the popup content may include specific content of a privacy protocol, or may include content guiding the user to perform authorization, or may include a link of privacy protocol information inserted into the content, so as to enable the user to display specific privacy protocol information after clicking the link.
Further, the style of the buttons in the popup window can also be set. Fig. 11 is a schematic diagram of a popup button editing page according to an embodiment of the present application. As shown in fig. 11, a page or a popup window of the user terminal may be provided with a consent button and a disagreement button, an arrangement manner of the two buttons may be selected, a left-right arrangement manner and a top-bottom arrangement manner, and information such as a filling color, a frame color, a text color, and content may be provided for each button.
After the setting of the display interface of the popup window by the enterprise client is completed, the privacy compliance component can acquire information input by the enterprise client on the authorized popup window editing page from the server after receiving a request for opening the privacy compliance page or the popup window triggered by the user, and further generate the privacy compliance page or the popup window according to the acquired information rendering, so that the privacy compliance page or the popup window is displayed on the user terminal.
Through the setting of the authorized popup editing page, a visual page can be provided for enterprise clients, the enterprise clients can customize the privacy compliance page or the display interface of the popup conveniently, the efficiency of page or popup setting is improved, and the customization demands of different enterprise clients are met.
Further, given that the user may not wish the application to collect all the required personal information in some scenarios, a single authorization mode and a package mode are provided for the user to choose from.
In one or more embodiments of the present application, optionally, the privacy compliance page or popup includes an agreement button, a disagreement button, and a single authorization button, and when determining that the user has checked personal information agreeing to authorization in the privacy compliance page or popup, the privacy compliance component is specifically configured to:
The method comprises the steps of selecting a single authorization button by a user, displaying a personal information list expected to be collected by the application program and/or a personal information list expected to be shared with a third party in response to the operation of pressing the single authorization button by the user, determining that the user checks personal information agreeing to authorization in the personal information list expected to be collected by the application program and/or the personal information list expected to be shared with the third party, and/or determining that the user agrees to authorization to collect all personal information or does not agree to authorization to collect personal information in response to the operation of selecting the agreeing button or the disagreeing button by the user.
Fig. 12 is a schematic diagram of a package authorization mode according to an embodiment of the present application. Fig. 13 is a schematic diagram of a separate authorization mode according to an embodiment of the present application. In fig. 12, an agreeing button, a disagreeing button, and a pressing individual authorization button are included in the privacy compliance page or pop-up window for selection by the user. When the user does not wish the application to collect all the required personal information, the individual authorization button can be clicked to display the schematic diagram shown in fig. 13. As shown in fig. 13, a list of personal information that the application program desires to collect and/or a list of personal information that the application program desires to share with a third party is shown, where protocol information one, protocol information, etc. may be used to represent various personal information, so that a user may select a button corresponding to some personal information that the application program may collect. In addition, when the user performs authorization in the package authorization mode, the consent or disagreement button shown in fig. 12 may be selected to indicate that the user agrees to the application to collect all personal information or disagrees to the user to collect all personal information.
In practice, when the live broadcast software desires to collect the location information, the voice information and the address book information of the user, if the user does not desire to collect the address book information by the live broadcast software, the user may set the device in a mode of individually authorizing the items, select a button corresponding to the location information and the voice information, click the button which agrees to the selected item, and determine that the application program can collect the two personal information, namely the location information and the voice information.
In addition, the application also supports the modification of the authorization content after the user confirms the authorization information, namely, the corresponding button is arranged on the user terminal, and the modification and submission of the authorization content are carried out after the button is clicked, so that the user can modify the authorization information conveniently.
Through providing two authorization modes, the user can select according to own requirements, the experience of the user during authorization is improved, the personalized requirements of the user are met, the possibility that the user agrees to the application program to acquire certain personal information is also improved, and the popularization and the application of the application program are facilitated.
The privacy compliance component of the present application also provides some API interfaces for application developers to call. Illustratively, sdk.init (opts) is an interface for initializing a privacy compliance component, sdk.setConcentUserId (ID) is an interface for recording a user ID, which is invoked by an application during initialization, so that the privacy compliance component obtains the user ID, which may be a user temporary identity. The sdk.getConsent (consentItemId) is an interface for acquiring the authorization condition of a certain personal information, can be used for calling an application program or a third party SDK in a query stage, acquiring the authorization condition of the certain personal information, and determining whether to acquire corresponding personal privacy information according to the result. sdk.setpresent (consentItemId, isAgree) is an interface that sets whether a user's authorization is granted, and when the user is checking the personal information item that grants the authorization, invoking the interface will cause the privacy compliance component to modify the corresponding status data, but not submit, and when the user clicks to confirm, submit. The sdk.submit is an interface for submitting the authorization result under the self-rendering condition of the provider, and optionally, the application program can render the privacy compliance page or popup by itself under the condition of not calling the privacy compliance component and acquire the authorization information of the user, and in this case, the interface can be called to submit the authorization information to the server side so as to perform the certification fixing operation.
Fig. 14 is a flow chart of a privacy compliance processing method according to an embodiment of the present application. The method is applied to the server side. As shown in fig. 14, the method includes:
step 1401, acquiring privacy protocol information input by a provider of an application program on a privacy protocol editing page, wherein the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
step 1402, receiving authorization information sent by a user terminal provided with an application program through a privacy compliance component, wherein the authorization information is generated by the privacy compliance component according to authorization operation of a user on part of privacy protocol information, and the privacy compliance component is arranged in the application program;
step 1403, fixing the authorization information of the user.
The implementation principle and technical effects of the privacy compliance processing method provided in this embodiment can be referred to the foregoing embodiments, and will not be described herein again.
Fig. 15 is a flowchart of another privacy compliance processing method according to an embodiment of the present application. The method is applied to a privacy compliance component, the privacy compliance component is arranged in an application program, and the application program is installed on a user terminal. As shown in fig. 15, the method includes:
step 1501, acquiring and displaying the privacy protocol information, wherein the privacy protocol information is input by a privacy protocol editing page provided by a provider of an application program at a server, and comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
step 1502, according to the authorization operation of the user for at least part of the privacy protocol information, corresponding authorization information is generated and sent to the server, so that the server can perform a fixed certificate on the authorization information of the user.
The implementation principle and technical effects of the privacy compliance processing method provided in this embodiment can be referred to the foregoing embodiments, and will not be described herein again.
Corresponding to the method, the embodiment of the application also provides a privacy compliance processing device, which is applied to the server, and the device comprises:
The system comprises a first acquisition module, a second acquisition module and a third party, wherein the first acquisition module is used for acquiring privacy protocol information input by a provider of an application program on a privacy protocol editing page, and the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with the third party;
The system comprises a receiving module, a privacy compliance component, a privacy protocol information acquisition module and a privacy protocol information display module, wherein the receiving module is used for receiving authorization information sent by a user terminal provided with an application program through the privacy compliance component, the authorization information is generated by the privacy compliance component according to authorization operation of a user on part of privacy protocol information, and the privacy compliance component is arranged in the application program;
and the fixed certificate module is used for fixing the authorization information of the user.
The embodiment of the application also provides a privacy compliance processing device which is applied to a privacy compliance assembly, wherein the privacy compliance assembly is arranged in an application program, and a user terminal is provided with the application program, and the device comprises:
The second acquisition module is used for acquiring and displaying the privacy protocol information, wherein the privacy protocol information is input into a privacy protocol editing page provided by a provider at a server, and the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
the processing module is used for generating corresponding authorization information according to the authorization operation of the user on at least part of privacy protocol information and sending the corresponding authorization information to the server side so that the server side can conduct fixed authentication on the authorization information of the user.
The specific implementation principle and technical effect of each device provided in the embodiment of the present application can be referred to the foregoing embodiments, and will not be described herein.
Fig. 16 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 16, the electronic device of the present embodiment may include:
At least one processor 1601, and
A memory 1602 communicatively coupled to the at least one processor 1601;
Wherein the memory 1602 stores instructions executable by the at least one processor 1601 to cause the electronic device to perform the method as described in any of the embodiments above.
Alternatively, the memory 1602 may be separate or integrated with the processor 1601.
The implementation principle and technical effects of the electronic device provided in this embodiment may be referred to the foregoing embodiments, and will not be described herein again.
The embodiment of the application also provides a computer readable storage medium, wherein computer executable instructions are stored in the computer readable storage medium, and when a processor executes the computer executable instructions, the method of any of the previous embodiments is realized.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements a method as described in any of the preceding embodiments.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules may be combined or integrated into another system, or some features may be omitted or not performed.
The integrated modules, which are implemented in the form of software functional modules, may be stored in a computer readable storage medium. The software functional modules described above are stored in a storage medium and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or processor to perform some of the steps of the methods described in the various embodiments of the application.
It should be appreciated that the Processor may be a central processing unit (Central Processing Unit, abbreviated as CPU), or may be other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor, abbreviated as DSP), application SPECIFIC INTEGRATED Circuit (ASIC), or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution. The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory NVM, such as at least one magnetic disk memory, and may also be a U-disk, a removable hard disk, a read-only memory, a magnetic disk or optical disk, etc.
The storage medium may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an Application SPECIFIC INTEGRATED Circuits (ASIC). It is also possible that the processor and the storage medium reside as discrete components in an electronic device or a master device.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. The privacy compliance processing system is characterized by comprising a server side and a privacy compliance component;
The server side is used for providing a privacy protocol editing page, acquiring privacy protocol information input by a provider of an application program in the privacy protocol editing page and storing the privacy protocol information, wherein the privacy protocol information comprises at least one item selected from a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
the user terminal provided with the application program is used for acquiring the privacy protocol information from the server through the privacy compliance component and displaying the privacy protocol information, generating corresponding authorization information according to the authorization operation of a user on at least part of the privacy protocol information, and sending the corresponding authorization information to the server;
The server is also used for receiving the authorization information of the user and sending the authorization information to the blockchain for storage so as to acquire a certificate from the blockchain when verification is required;
The application program is internally provided with a third party SDK;
before any personal information is collected, the application program is used for inquiring whether a user authorizes the application program to collect the personal information from the server by calling a related interface of the privacy compliance assembly;
The third party SDK is used for inquiring whether a user authorizes sharing the personal information with a third party or not through the privacy compliance component before any personal information is acquired;
The privacy compliance component includes a renderer and a tracker;
the renderer is used for acquiring the latest privacy protocol information from the server after acquiring a request for opening the privacy compliance page or popup window, and rendering and generating the privacy compliance page or popup window according to the acquired privacy protocol information;
the tracker is used for generating a corresponding privacy authorization character string according to personal information of user checking approval and sending the privacy authorization character string to the server so that the server can conduct fixed evidence according to the privacy authorization character string, and/or recording exposure events of privacy compliance pages or popup windows of the user terminal and checking behaviors of the user and sending the exposure events and the checking behaviors of the user to the server so that the server conducts statistical analysis on the exposure events and the checking behaviors corresponding to the application program;
the tracker is also configured to:
When the renderer acquires personal information of approval of the user, and under the condition that a query request sent by the application program or the third party SDK is not acquired, the application program or the third party SDK is informed of the personal information of approval of the user;
The query request is sent when the application program and the third party SDK need to collect personal information of the user.
2. The system of claim 1, wherein the server is specifically configured to generate a corresponding summary according to the authorization information of the user, send the summary to a blockchain for storage, and obtain a credential corresponding to the summary returned by the blockchain;
Wherein the digest and the credential are used for the provider, the user, or a judicial authority to verify the authorization information of the user.
3. The system according to claim 1 or 2, wherein when the server side provides the privacy protocol editing page, the server side obtains the privacy protocol information input by the provider of the application program in the privacy protocol editing page, the server side is specifically configured to:
the privacy protocol editing page is displayed to the provider of the application program through the enterprise terminal, wherein the privacy protocol information further comprises protocol content, and the privacy protocol editing page comprises a text box for inputting the protocol content, a button for adding a personal information list and a link of a personal information list example;
Responding to the operation of clicking the button on the privacy protocol editing page by a user, and displaying a corresponding personal information list editing page, wherein the personal information list editing page comprises at least one of personal information list names, descriptions and personal information tables;
And generating corresponding privacy protocol information according to the content input by the user on the privacy protocol editing page and the personal information list editing page.
4. The system according to claim 1 or 2, wherein the server is further configured to:
Displaying an authorized popup editing page to a provider of the application program through a provider terminal, wherein the authorized popup editing page is used for editing a privacy compliance page or popup displayed by a user side by the provider, and comprises a title, content, a link for inserting privacy protocol information in the content and an editing page of a button in the privacy compliance page or popup;
the privacy compliance component is further used for acquiring information input by the provider on the authorized popup editing page from the server after acquiring a request for opening the privacy compliance page or popup, and generating the privacy compliance page or popup according to the acquired information.
5. The system of claim 1, wherein the privacy compliance page or the popup includes an agreement button, a disagreement button, and a separate authorization button, and wherein the privacy compliance component, upon determining that the user has hooked the personal information of the agreement authorization in the privacy compliance page or the popup, is specifically configured to:
In response to a user selecting an individual authorization button, a personal information list expected to be collected by the application program and/or a personal information list expected to be shared with a third party are displayed, the user is determined to sort out personal information agreeing to authorization from the personal information list expected to be collected by the application program and/or the personal information list expected to be shared with the third party, and/or,
In response to the user selecting the consent button or the disagreement button, it is determined that the user agrees to authorize the collection of all personal information or disagrees to authorize the collection of personal information.
6. A privacy compliance processing method, wherein the method is applied to a server, the method comprising:
the method comprises the steps of acquiring privacy protocol information input by a provider of an application program on a privacy protocol editing page and storing the privacy protocol information, wherein the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
The method comprises the steps of receiving authorization information sent by a user terminal provided with an application program through a privacy compliance component, wherein the authorization information is generated by the privacy compliance component according to authorization operation of a user on part of privacy protocol information, and the privacy compliance component is arranged in the application program;
Sending the authorization information to a blockchain for storage so as to acquire a certificate from the blockchain when verification is required;
The method further comprises the steps of receiving a query request sent by the privacy compliance component, and sending information for indicating authorization to the privacy compliance component when authorization is determined, wherein the query request is used for querying whether an application program is authorized to acquire the personal information or whether the application program is authorized to share the personal information with a third party before acquiring any personal information;
wherein the privacy compliance component comprises a renderer and a tracker;
the renderer is used for acquiring the latest privacy protocol information from the server after acquiring a request for opening the privacy compliance page or popup window, and rendering and generating the privacy compliance page or popup window according to the acquired privacy protocol information;
the tracker is used for generating a corresponding privacy authorization character string according to personal information of user checking approval and sending the privacy authorization character string to the server so that the server can conduct fixed evidence according to the privacy authorization character string, and/or recording exposure events of privacy compliance pages or popup windows of the user terminal and checking behaviors of the user and sending the exposure events and the checking behaviors of the user to the server so that the server conducts statistical analysis on the exposure events and the checking behaviors corresponding to the application program;
the tracker is also configured to:
When the renderer acquires personal information of approval of the user, and under the condition that a query request sent by the application program or the third party SDK is not acquired, the application program or the third party SDK is informed of the personal information of approval of the user;
The query request is sent when the application program and the third party SDK need to collect personal information of the user.
7. A privacy compliance processing method, wherein the method is applied to a privacy compliance component, the privacy compliance component is arranged in an application program, and a user terminal installs the application program, the method comprises:
The method comprises the steps of acquiring privacy protocol information from a server side and displaying the privacy protocol information, wherein the privacy protocol information is input by a privacy protocol editing page provided by a provider of an application program at the server side, and the privacy protocol information comprises at least one of a personal information list expected to be acquired by the application program and a personal information list expected to be shared with a third party;
generating corresponding authorization information according to authorization operation of a user on at least part of privacy protocol information and sending the corresponding authorization information to a server, so that the server sends the authorization information to a blockchain for storage, and when verification is needed, a credential is obtained from the blockchain;
The method further comprises the steps of:
Receiving a query request of a third party SDK built in the application program, and forwarding the query request to the server so as to query whether a user authorizes the application program to acquire the personal information or whether the user authorizes the application program to share the personal information with the third party from the server;
Receiving information which is sent by the server and used for indicating authorization, and forwarding the information to the third party SDK;
The method further comprises the steps of:
After a renderer of the privacy compliance assembly acquires a request for opening a privacy compliance page or popup window, acquiring the latest privacy protocol information from the server, and rendering and generating the privacy compliance page or popup window according to the acquired privacy protocol information;
The tracker of the privacy compliance assembly generates a corresponding privacy authorization character string according to personal information of user checking approval and sends the corresponding privacy authorization character string to the server so that the server can conduct fixed evidence according to the privacy authorization character string, and/or records the exposure event of a privacy compliance page or popup window of the user terminal and the checking action of the user and sends the exposure event and the checking action of the user to the server so that the server conducts statistical analysis on the exposure event and the checking action corresponding to the application program;
When the tracker of the privacy compliance component acquires personal information of user approval authorization from the renderer, under the condition that a query request sent by the application program or the third party SDK is not acquired, notifying the application program or the third party SDK of the personal information of user approval authorization;
the query request is sent when the application program and the third party SDK need to collect personal information of a user.
8. An electronic device, comprising:
At least one processor, and
A memory communicatively coupled to the at least one processor;
Wherein the memory stores instructions executable by the at least one processor to cause the electronic device to perform the method of claim 6 or 7.
9. A computer-readable storage medium, wherein computer-executable instructions are stored in the computer-readable storage medium, the method of claim 6 or 7 being implemented when the computer-executable instructions are executed by a processor.
10. A computer program product comprising a computer program which, when executed by a processor, implements the method according to claim 6 or 7.
CN202210209839.0A 2022-03-04 2022-03-04 Privacy compliance processing system, method, apparatus, storage medium, and program product Active CN114580020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210209839.0A CN114580020B (en) 2022-03-04 2022-03-04 Privacy compliance processing system, method, apparatus, storage medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210209839.0A CN114580020B (en) 2022-03-04 2022-03-04 Privacy compliance processing system, method, apparatus, storage medium, and program product

Publications (2)

Publication Number Publication Date
CN114580020A CN114580020A (en) 2022-06-03
CN114580020B true CN114580020B (en) 2026-02-03

Family

ID=81778050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210209839.0A Active CN114580020B (en) 2022-03-04 2022-03-04 Privacy compliance processing system, method, apparatus, storage medium, and program product

Country Status (1)

Country Link
CN (1) CN114580020B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115061747B (en) * 2022-06-21 2025-05-27 康键信息技术(深圳)有限公司 Information processing method, device, electronic device and readable storage medium
CN115883620A (en) * 2022-11-25 2023-03-31 长城汽车股份有限公司 A method, device and system for obtaining private state data
CN121234357A (en) * 2024-06-30 2025-12-30 中兴通讯股份有限公司 Privacy policy-based access control methods, electronic devices, and storage media

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245144A (en) * 2018-04-27 2019-09-17 腾讯科技(深圳)有限公司 Protocol data management method, device, storage medium and system
CN111274598A (en) * 2020-01-23 2020-06-12 众安信息技术服务有限公司 Privacy protection method and device
CN112131556A (en) * 2020-09-29 2020-12-25 腾讯科技(深圳)有限公司 Authority control method, device, equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10861116B1 (en) * 2014-03-13 2020-12-08 James Onstad System and methods to facilitate student data privacy compliance and management for schools
CN113742768A (en) * 2020-05-30 2021-12-03 阿尔法云计算(深圳)有限公司 Privacy protection method, device and system for online application
CN113051613A (en) * 2021-03-15 2021-06-29 Oppo广东移动通信有限公司 Privacy policy detection method and device, electronic equipment and readable storage medium
CN112989426B (en) * 2021-04-30 2021-08-06 腾讯科技(深圳)有限公司 Authorization authentication method and device, and resource access token acquisition method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110245144A (en) * 2018-04-27 2019-09-17 腾讯科技(深圳)有限公司 Protocol data management method, device, storage medium and system
CN111274598A (en) * 2020-01-23 2020-06-12 众安信息技术服务有限公司 Privacy protection method and device
CN112131556A (en) * 2020-09-29 2020-12-25 腾讯科技(深圳)有限公司 Authority control method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN114580020A (en) 2022-06-03

Similar Documents

Publication Publication Date Title
CN114580020B (en) Privacy compliance processing system, method, apparatus, storage medium, and program product
US10417440B2 (en) Systems and methods for digital content delivery
US10748205B2 (en) Method, system, and graphic user interface for enabling a customer to access an artist profile and associated media file
CN114580021B (en) Privacy policy processing method, system, device, storage medium and program product
US20110289420A1 (en) Screen customization supporting system, screen customization supporting method, and computer-readable recording medium
US20080215879A1 (en) Method and system for authenticating a widget
US20160012556A1 (en) Method and System of Creating and Signing Electronic Documents With Increased Party-Signatory Accuracy and Execution Integrity
US20140223573A1 (en) Digital content delivery
US20140122349A1 (en) System, information management method, and information processing apparatus
CN111859128A (en) System and method for third-party application activity data collection
JP6220736B2 (en) Electronic signature document management system and management method
CN114580022B (en) Information transmission method, system, device, storage medium, and program product
US11985122B2 (en) Method and apparatus for sharing content data between networked devices
CN117113392A (en) Privacy data processing methods, devices, computer equipment and storage media
US20140359787A1 (en) Content Management System and Method for Managing and Classifying Data About Entities and for Providing Content Including the Classified Data
CN112559863A (en) Information pushing method, device, equipment and storage medium based on block chain
US20250337816A1 (en) Methods and systems for user data management
WO2015153373A1 (en) Digital content delivery
CN114637722A (en) Data storage method, data viewing method, data management system, data management equipment and storage medium
US9722982B2 (en) Unauthenticated access to artifacts in commerce networks
CN119622817A (en) Privacy request method, device, electronic device and storage medium
Patino Better Reviews
CN114841728A (en) Traffic monitoring service processing method and electronic equipment
CN116992085A (en) Data processing methods and devices
HK1224763A1 (en) Third party application activity data collection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant