保险中介协议不能“过度索权”

Group 1 - The insurance industry is characterized as a "personal information-intensive industry," involving multiple data elements and long protection chains, with various risk points [3] - Some insurance intermediaries have user registration agreements that contain infringing clauses allowing the use of personal contact information for "partner product recommendations" [1][3] - The Personal Information Protection Law mandates that the collection and processing of personal information must adhere to the "minimum necessity" principle, limiting data collection to what is necessary for achieving processing purposes [3][4] Group 2 - Despite the establishment of a legal framework for data compliance in China, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, violations in personal information collection persist [4] - The ambiguity of the "minimum necessity" principle, along with the opaque nature of data flow and misuse of technology, contributes to the ongoing issues of excessive data collection [4] - Effective governance of personal information misuse requires more than just user vigilance or corporate ethics; it necessitates detailed scenario rules, effective notification, increased violation costs, and rigid constraints [4]