Bank APP privacy compliance issues have been repeatedly prohibited, and Leshan Commercial Bank APP has been named and notified
GuShiio.com Blue Whale News, February 19 (Reporter Jin Lei)The National Computer Virus Emergency Response Center recently found through Internet monitoring that 14 mobile applications had privacy non-compliance. This includes that if the personal information processor provides the personal information it processes to other personal information processors, fails to inform the individual of the recipient’s name, contact information, processing purpose, processing method and type of personal information, and obtains the individual’s Individual consent. The mobile applications involved include Leshan Commercial Bank (version 3.31.6, Application Bao).
Leshan City Commercial Bank is one of the city commercial banks in Sichuan Province. It was established in 1985. The official website shows that as of now, the bank’s assets are 107.3 billion yuan, the balance of various deposits is nearly 50 billion yuan, the balance of various loans is 29.5 billion yuan, the registered capital is 2.392 billion yuan, and more than 1300 employees.
In July last year, information on the official website of the State Financial Supervision and Administration showed that the Sichuan Financial Supervision Bureau issued an approval on June 28, agreeing to Leshan Commercial Bank to change its registered capital. After the change, the bank’s registered capital will increase from the previous 3.75 billion yuan to 4.83 billion yuan.
The credit rating report issued by Lianhe Credit in July 2023 shows that Leshan Commercial Bank will start guidance work for the listing of Hong Kong stocks. As of the date of issuance of the report, matters related to the launch of the listing guidance work have been resolved by the board of directors of Leshan Commercial Bank. At present, Yibin Commercial Bank, which is also Sichuan City Commercial Bank, has registered on the Hong Kong Stock Exchange.
In fact, the phenomenon of bank APP privacy infringement is not an isolated case. According to incomplete statistics from Blue Whale News, nearly 20 banks have been notified of non-compliance with mobile application privacy since 2024, including Kunshan Rural Commercial Bank, Suzhou Rural Commercial Bank, Jiangsu Changjiang Commercial Bank, Hubei Bank, Hubei Rural Credit, etc. The illegal banking institutions are mainly concentrated in small and medium-sized banks.
In terms of the reasons, almost all of them are related to the collection of private information. For example, the APP does not clearly indicate to the user that it does not have the user’s consent, and there are frequent self-activation or associated activation behaviors; the privacy policy is difficult to access, and the APP operator is not stated. Basic information of the person, the timeliness of the privacy policy is not stated; the processing of sensitive personal information without individual consent, etc.
As banks ‘digital transformation accelerates, online channels including mobile banking apps have become important links in carrying business development. In the Internet era, user data has become an important asset of banks, but it also brings risks such as privacy leaks and data security. Therefore, banks must attach great importance to privacy compliance issues and ensure the safe and compliant use of user data. In recent years, APP rectification has also become one of the key regulatory directions.
In September 2024, the State Financial Supervision and Administration Administration issued the “Notice on Strengthening the Management of Mobile Internet Applications in the Banking and Insurance Industry”, which proposed 18 work requirements from four aspects: data security, outsourcing management, business continuity and personal information protection., setting a red line for mobile application management of financial institutions.
The State Financial Supervision and Administration Administration has clearly required that bank insurance institutions should handle personal information in accordance with the principles of clear notification and authorization, and should be limited to the minimum scope to achieve the purpose of financial business processing, and must not excessively collect personal information.
Some APP developers said that in actual operation, bank APP will have many functional modules. For example, online loan business generally requires collecting borrower information, but sometimes expanding the address book authority will collect the contact information of relatives and friends. Then similar information is excessive information collected illegally. Another example is that there are business needs such as authentication that requires calling the mobile phone camera, but other data is actually called, which is also unnecessary information collection.
As users, they must carefully read their user agreement and privacy policy instructions, not arbitrarily open and agree to unnecessary privacy rights, not arbitrarily enter personal privacy information, and regularly maintain and clean up relevant data to avoid personal privacy information being leaked.
