Personal Information Protection Is the Worst-Hit Area: Internet Finance Association Reports Violations in Some Small and Medium-Sized Banks' Apps
Xin Lang Cai Jing·2025-12-24 08:13

Core Viewpoint

- The self-regulatory inspection by the China Internet Finance Association revealed significant privacy and security issues in mobile financial apps operated by various banks, highlighting systemic shortcomings in the industry regarding data protection and user privacy [1][2][3].

Group 1: Inspection Findings

- The self-regulatory inspection identified that many mobile financial apps have concentrated issues in three main categories: personal information protection, security protection, and data security [2][9].
- Notable problems include security vulnerabilities in identity authentication, where sensitive information such as names and bank card numbers is not adequately protected, and the lack of real-time protective measures during payment password entry [9][11].
- Personal information protection issues include unauthorized collection and use of user data, excessive data collection beyond necessary limits, and failure to provide users with options to delete or correct their information [2][9].

Group 2: User Experiences

- Users expressed frustration over having to grant extensive permissions to access basic banking functions, feeling that their privacy is compromised [3][10].
- Concerns about personal data leakage were prevalent, with users reporting unsolicited marketing calls and a lack of transparency regarding how their information is used [10][11].

Group 3: Regulatory Response

- The National Financial Regulatory Administration has issued guidelines emphasizing the need for banks to adhere to principles of clear notification and user consent when handling personal information, limiting data collection to what is necessary [10][11].
- A notification in September 2024 mandated financial institutions to establish personal information protection systems for mobile applications, requiring them to inform users about data collection purposes and provide complaint channels [10][11].

Group 4: Compliance Challenges

- Small and medium-sized banks have been identified as frequent violators of privacy regulations, with nearly 20 banks cited for non-compliance in 2024 [11][12].
- The reasons for these compliance issues include a focus on data collection for traffic generation, inadequate awareness of compliance requirements, and the complexity of privacy policies that confuse users [11][12].

Group 5: Recommendations for Improvement

- Experts suggest tailored compliance guidelines for small banks, increased regular inspections, and stricter penalties for violations [12].
- Recommendations also include embedding data security responsibilities within organizations, simplifying privacy policies for user understanding, and integrating security assessments into the initial product design phase [12].
