细分行为

《网安法》对应条款

过度收集个人信息

隐秘收集

直接面向个人用户的网络运营者欺瞒收集行为

1.   22条第2款：“网络产品、服务具有收集用户信息功能的，其提供者应当向用户明示并取得同意；涉及用户个人信息的，还应当遵守本法和有关法律、行政法规关于个人信息保护的规定。”

2.   41条第1款：“网络运营者收集、使用个人信息，应当遵循合法、正当、必要的原则，公开收集、使用规则，明示收集、使用信息的目的、方式和范围，并经被收集者同意。”

向上述网络运营者提供功能模块或组件的第三方开发者隐瞒收集行为

强制收集

服务或功能强制捆绑

无直接对应的条款

扩大单个功能必需收集的信息类型、数量等

41条第1款：“网络运营者不得收集与其提供的服务无关的个人信息”

Millions of  smartphone users confess their most intimate secrets to apps, including when  they want to work on their belly fat or the price of the house they checked  out last weekend. Other apps know users' body weight, blood pressure,  menstrual cycles or pregnancy status.

Unbeknown to  most people, in many cases that data is being shared with someone else:  Facebook Inc.

The  social-media giant collects intensely personal information from many popular  smartphone apps just seconds after users enter it, even if the user has no  connection to Facebook, according to testing done by The Wall Street Journal.  The apps often send the data without any prominent or specific disclosure,  the testing showed.

It is already  known that many smartphone apps send information to Facebook about when users  open them, and sometimes what they do inside. Previously unreported is how at  least 11 popular apps, totaling tens of millions of downloads, have also been  sharing sensitive data entered by users. The findings alarmed some privacy  experts who reviewed the Journal's testing.

Facebook is  under scrutiny from Washington and European regulators for how it treats the  information of users and nonusers alike. It has been fined for allowing now  defunct political-data firm Cambridge Analytica illicit access to users' data  and has drawn criticism for giving companies special access to user records  well after it said it had walled off that information.

In the case of  apps, the Journal's testing showed that Facebook software collects data from  many apps even if no Facebook account is used to log in and if the end user  isn't a Facebook member.

Apple Inc. and  Alphabet Inc.'s Google, which operate the two dominant app stores, don't  require apps to disclose all the partners with whom data is shared. Users can  decide not to grant permission for an app to access certain types of  information, such as their contacts or locations. But these permissions  generally don't apply to the information users supply directly to apps, which  is sometimes the most personal.

In the  Journal's testing, Instant Heart Rate: HR Monitor, the most popular  heart-rate app on Apple's iOS, made by California-based Azumio Inc., sent a  user's heart rate to Facebook immediately after it was recorded.

Flo Health  Inc.'s Flo Period & Ovulation Tracker, which claims 25 million active  users, told Facebook when a user was having her period or informed the app of  an intention to get pregnant, the tests showed.

Real-estate  app Realtor.com, owned by Move Inc., a subsidiary of Wall Street Journal parent  News Corp, sent the social network the location and price of listings that a  user viewed, noting which ones were marked as favorites, the tests showed.

None of those  apps provided users any apparent way to stop that information from being sent  to Facebook.

Facebook said  some of the data sharing uncovered by the Journal's testing appeared to  violate its business terms, which instruct app developers not to send it  "health, financial information or other categories of sensitive  information." Facebook said it is telling apps flagged by the Journal to  stop sending information its users might regard as sensitive. The company  said it may take additional action if the apps don't comply.

"We  require app developers to be clear with their users about the information  they are sharing with us," a Facebook spokeswoman said.

At the heart  of the issue is an analytics tool Facebook offers developers, which allows  them to see statistics about their users' activities—and to target those  users with Facebook ads. Although Facebook's terms give it latitude to use  the data uncovered by the Journal for other purposes, the spokeswoman said it  doesn't do so.

Facebook tells  its business partners it uses customer data collected from apps to  personalize ads and content on Facebook and to conduct market research, among  other things. A patent the company applied for in 2015, which was approved  last year, describes how data from apps would be stored on Facebook servers  where it could be used to help the company's algorithms target ads and select  content to show users.

Apple said its  guidelines require apps to seek "prior user consent" for collecting  user data and take steps to prevent unauthorized access by third parties.  "When we hear of any developer violating these strict privacy terms and  guidelines, we quickly investigate and, if necessary, take immediate  action," the company said.

A Google  spokesman declined to comment beyond pointing to the company's policy  requiring apps that handle sensitive data to "disclose the type of parties  to which any personal or sensitive user data is shared," and in some  cases to do so prominently.

Before Alice  Berg began using Flo to track her periods last June, she checked the app's  terms of service. The 25-year-old student in Oslo says she had grown more  cautious about sharing data with apps and wanted to ensure that only a  limited amount of her data would be shared with third-parties like Facebook.

Now Ms. Berg  said she may delete the app. "I think it's incredibly dishonest of them  that they're just lying to their users especially when it comes to something  so sensitive," she said.

Flo Health's  privacy policy says it won't send "information regarding your marked  cycles, pregnancy, symptoms, notes and other information that is entered by  you and that you do not elect to share" to third-party vendors.

Flo initially  said in a written statement that it doesn't send "critical user  data" and that the data it does send Facebook is  "depersonalized" to keep it private and secure.

The Journal's testing,  however, showed sensitive information was sent with a unique advertising  identifier that can be matched to a device or profile. A Flo spokeswoman  subsequently said the company will "substantially limit" its use of  external analytics systems while it conducts a privacy audit.

Move, the  owner of real-estate app Realtor.com—which sent information to Facebook about  properties that users liked, according to the Journal's tests—said "we  strictly adhere to all local, state and federal requirements," and that  its privacy policy "clearly states how user information is collected and  shared." The policy says the app collects a variety of information,  including content in which users are interested, and may share it with third  parties. It doesn't mention Facebook.

The Journal  tested more than 70 apps that are among the most popular in Apple's iOS store  in categories that handle sensitive user information. The Journal used  software to monitor the internet communications triggered by using an app,  including the information being sent to Facebook and other third parties. The  tests found at least 11 apps sent Facebook potentially sensitive information  about how users behaved or actual data they entered.

Among the top  10 finance apps in Apple's U.S. app store as of Thursday, none appeared to  send sensitive information to Facebook, and only two sent any information at  all. But at least six of the top 15 health and fitness apps in that store  sent potentially sensitive information immediately after it was collected.

Disconnect  Inc., a software company that makes tools for people to manage their online  privacy, was commissioned by the Journal to retest some of the apps. The  company confirmed the Journal's findings, and said Facebook's terms allowing  it to use the data it collected were unusual.

"This is  a big mess," said Patrick Jackson, Disconnect's chief technology  officer, who analyzed apps on behalf of the Journal. "This is completely  independent of the functionality of the app."

The software  the Journal used in its tests wasn't able to decipher the contents of traffic  from Android apps. Esther Onfroy, co-founder of cybersecurity firm Defensive  Lab Agency, conducted a separate test showing that at least one app flagged  by the Journal's testing, BetterMe: Weight Loss Workouts, was in its Android  version also sharing users' weights and heights with Facebook as soon as they  were entered.

BetterMe Ltd.  didn't respond to email and social-media inquires from the Journal. On Feb.  16, after being contacted by the Journal, it updated its privacy policy,  replacing a general reference to Facebook's analytics to one that says it  shares information with Facebook so it can determine "the average weight  and height of our users, how many users chose a particular problem area of  their body, and other interactions."

Apps often  integrate code known as software-development kits, or SDKs, that help  developers integrate certain features or functions. Any information shared  with an app may also be shared with the maker of the embedded SDK. There are  an array of SDKs, including Facebook's, that allow apps to better understand  their users' behavior or to collect data to sell targeted advertising.

Such  data-sharing among apps through the use of SDKs is "industry standard practice,"  a Facebook spokeswoman said.

Facebook's  SDK, which is contained in thousands of apps, includes an analytics service  called "App Events" that allows developers to look at trends among  their users. Apps can tell the SDK to record a set of standardized actions  taken by users, such as when a user completes a purchase. App developers also  can define "custom app events" for Facebook to capture—and that is  how the sensitive information the Journal detected was sent.

Facebook says  on its website it uses customer data from its SDK, combined with other data  it collects, to personalize ads and content, as well as to "improve  other experiences on Facebook, including News Feed and Search content ranking  capabilities."

But the  spokeswoman said Facebook doesn't use custom events—the ones that can contain  sensitive information—for those purposes. She said Facebook automatically  deletes some sensitive data it might receive, such as Social Security  numbers.

She said  Facebook is now looking into how to search for apps that violate its terms,  and to build safeguards to prevent Facebook from storing sensitive data that  apps may send.

Privacy  lawyers say the collection of health data by nonhealth entities is legal in  most U.S. states, provided there is sufficient disclosure in an app's and  Facebook's terms of service. The Federal Trade Commission has taken an  interest in cases in which data sharing deviates widely from what users might  expect, particularly if any explanation was hard for users to find, said  Woodrow Hartzog, a professor of law and computer science at Northeastern  University.

The privacy  policy for Azumio, maker of the Instant Heart Rate app, says it collects  health information including heart rates, and that it may provide some  personal data to third-party service providers and advertising providers. It  doesn't say anything about providing those outside entities with health  information drawn from its apps, nor does it mention Facebook as a provider.

Bojan  Bostjancic, the company's CEO, said in an email message that it uses Facebook  analytics to analyze its users' behavior in the app, and that it discloses  the use of third parties in its privacy policy. He didn't respond to  follow-up questions.

After being  contacted by the Journal, Breethe Inc., maker of a meditation app of the same  name, stopped sending Facebook the email address each user used to log in to  the app, as well as the full name of each meditation completed.

"Clearly,  Facebook's business model is unique and, unfortunately, we were not as  diligent in aligning our data management with their privacy policy as we  should have been," said Garner Bornstein, the company's co-founder.

In the  European Union, the processing of some sensitive data, such as health or  sexual information, is more tightly regulated. The EU's new privacy law  usually requires companies to secure explicit consent to collect, process or  share such data—and making consent a condition of using a service usually  isn't valid.

Some privacy  experts who reviewed the Journal's findings said the practices may be in  violation of that law. "For the sensitive data, companies basically  always need consent—likely both the app developer and Facebook," said  Frederik J. Zuiderveen Borgesius, a law professor at Radboud University in  the Netherlands.

The Facebook  spokeswoman said the company is in compliance with the EU privacy law.

Facebook  allows users to turn off the company's ability to use the data it collects  from third-party apps and websites for targeted ads. There is currently no  way to stop the company from collecting the information in the first place,  or using it for other purposes, such as detecting fake accounts. Germany's  top antitrust enforcer earlier this month ordered Facebook to stop using that  data at all without permission, a ruling Facebook is appealing.

Under pressure  over its data collection, Facebook Chief Executive Mark Zuckerberg said last  year that the company would create a feature called "Clear History"  to allow users to see what data Facebook had collected about them from  applications and websites, and to delete it from Facebook. The company says  it is still building the technology needed to make the feature possible.

Data drawn  from mobile apps can be valuable. Advertising buyers say that because of  Facebook's insights into users' behavior, it can offer marketers better  return on their investment than most other companies when they seek users who  are, say, exercise enthusiasts, or in the market for a new sports car. Such  ads fetch a higher cost per click.

That is partly  why Facebook's revenue is soaring. Research firm eMarketer projects that  Facebook this year will account for 20% of the $333 billion world-wide  digital-advertising market.

In a call to  discuss the company's most recent earnings, however, Chief Financial Officer  David Wehner noted that investors should be aware that Apple and Google could  possibly tighten their privacy controls around apps. That possibility, he  said, is "an ongoing risk that we're monitoring for 2019."

Mark Secada,  Yoree Koh and Kirsten Grind contributed to this article.

数以百万计的智能手机用户向应用程序坦白了他们最私密的秘密，包括他们何时想要处理他们的腹部脂肪或者他们上周末查看的房子价格。其他应用程序知道用户的体重、血压、月经周期或怀孕状态。

大多数人都不知道，在许多情况下，这些数据正在与其他人共享：Facebook公司.
 
 

根据华尔街日报的调查，在用户输入后的几秒钟，这家社交媒体巨头就从许多流行的智能手机应用程序中大量收集个人信息，即使用户与Facebook没有任何联系。该调查显示，应用程序在发送数据时通常没有任何明显或具体的披露。

众所周知，许多智能手机应用程序向Facebook发送有关用户何时打开应用程序的信息，有时甚至是他们在应用程序内部的所作所为的信息。此前没有报道的是，至少有11款下载量达到数千万次的流行应用程序也共享了用户输入的敏感数据。这一发现引起了一些隐私专家的警觉，他们对华尔街日报的调查作出了评论。

华盛顿和欧洲监管机构正在详细审查Facebook如何处理用户和非用户的信息。该公司曾因为允许现已倒闭的政治数据公司Cambridge Analytica非法获取用户数据而被罚款，还因声称已将用户信息屏蔽之后给与其他公司访问上述信息的特殊权限而受到批评。

对于应用程序，华尔街日报的调查显示Facebook软件从许多应用程序收集数据，即使用户没有使用Facebook帐户登录，即使该终端用户并非Facebook的用户。

Apple 公司和Alphabet公司旗下的Google运营着两家主要的应用程序商店，它们并不要求应用程序披露其共享数据的所有合作伙伴。用户可以决定不授予应用程序访问某些类型信息的权限，例如其联系人或位置信息。但是这些权限通常不适用于用户直接向应用程序提供的信息，而这些信息有时却是最私人的。

在华尔街日报的调查中，即时心率：HR Monitor，Apple的iOS上最受欢迎的心率应用程序，由加利福尼亚州的Azumio Inc.制作，会在记录用户的心率后立即将其发送给Facebook。

调查显示，Flo Health 公司的Flo经期与排卵追踪器，该款声称拥有2500万活跃用户的应用程序会在用户处于经期或告知应用程序其有怀孕意向时告知Facebook。

调查显示，由华尔街日报母公司新闻集团的子公司Move 公司所有的房地产应用程序Realtor.com，会向该社交网络发送用户查看的房源信息的位置和价格，并指出哪些被标记为收藏。

这些应用程序都没有向用户提供任何明显的渠道来阻止这些信息被发送给Facebook。

Facebook表示，华尔街日报调查发现的部分数据共享似乎违反了其业务条款，该条款指示应用开发者不要向其发送“健康信息、财务信息或其他类别的敏感信息”。 Facebook表示，它正在通知被华尔街日报点名的应用程序停止向其发送用户可能认为敏感的信息。该公司表示，如果应用程序不遵守，它可能会采取额外措施。

“我们要求应用程序开发者向其用户明确说明他们与我们分享的信息，”Facebook发言人说。

这个问题的核心是，Facebook向应用开发者提供了一个分析工具，允许他们查看有关其用户活动的统计数据，并通过Facebook广告定向这些用户。尽管Facebook的条款允许其将华尔街日报揭露的数据用于其他目的，但该发言人表示，他们没有这样做。

Facebook告诉其商业合作伙伴，它将从应用程序收集的客户数据用于个性化Facebook上的广告和内容，并进行市场调查等。该公司于2015年申请的去年获得批准的专利描述了应用程序中的数据如何存储在Facebook服务器上，可以用于帮助公司的算法定向广告和选择向用户显示的内容。

Apple称其指导准则要求应用程序在收集用户数据时必须 “事先征得用户同意”，并采取措施防止第三方未经授权的访问。 “当我们听说任何开发者开发商违反这些严格的隐私条款和准则时，我们会迅速进行调查，并在必要时立即采取行动，”该公司表示。

谷歌发言人拒绝发表评论，仅指出该公司的政策要求处理敏感数据的应用程序“披露其共享任何个人或敏感用户数据的当事方类型”，并且在某些情况下应当突出显示。

在去年六月Alice Berg开始使用Flo追踪她的经期之前，她检查了该应用程序的服务条款。这位25岁的奥斯陆学生表示，她在与应用程序共享数据方面变得更加谨慎，并希望确保只有有限数量的数据与Facebook这样的第三方共享。

现在伯格女士说她可能会删除该应用程序。 “我认为他们非常不诚实，他们只是在欺骗他们的用户，特别是在涉及到如此敏感的事情时，”她说。

Flo Health的隐私政策称，它不会向第三方供应商发送“您输入的标记的周期、怀孕、症状、笔记和其他信息，且您不能选择分享该等信息”。

Flo最初在一份书面声明中表示，它不发送“关键用户数据”，而且它发送给Facebook的数据是“非个性化的”，以保持私密性和安全性。

然而，华尔街日报的调查显示，敏感信息的发送会带有一个独特的广告标识符，可以与设备或用户资料相匹配。 Flo发言人随后表示，该公司将在进行隐私审计时“大幅限制”其对外部分析系统的使用。

根据华尔街日报的调查，房地产应用程序Realtor.com的所有者Move公司会向Facebook发送有关用户喜欢的房产的信息。该公司称“我们严格遵守所有地方、州和联邦的要求”，且其隐私政策“明确说明了用户信息的收集和共享方式”。该隐私政策说明，该应用程序会收集各种信息，包括用户感兴趣的内容，并且可能与第三方共享。但它没有提到Facebook。

华尔街日报调查了超过70个应用程序，这些应用程序是苹果iOS商店处理敏感用户信息的类别中最受欢迎的应用程序。华尔街日报使用软件监测使用应用程序触发的互联网通信，包括发送给Facebook和其他第三方的信息。测试发现，至少有11个应用程序向Facebook发送了可能很敏感的信息，这些信息涉及用户行为方式或用户输入的实际数据。

截至周四，Apple的美国应用程序商店中排名前十的金融应用程序中，似乎都没有向Facebook发送敏感信息，只有两个应用程序发送了信息。但该商店排名前15的健康和健身应用程序中至少有6个在收集了潜在的敏感信息后立即对外发送。

Disconnect 公司是一家为人们提供在线隐私管理工具的软件公司，其受委托华尔街日报委托重新测试了部分应用程序。该公司证实了华尔街日报的调查结果，并表示Facebook允许其使用其收集的数据的条款并不常见。

“这真是一团糟，”Disconnect的首席技术官Patrick Jackson说，他代表华尔街日报分析了应用程序。 “这与应用程序的功能完全没有关系。”

华尔街日报在其调查中使用的软件无法对安卓应用程序的流量内容进行解码。网络安全公司Defensive Lab Agency的联合创始人Esther Onfroy进行了一项单独的测试，结果显示，华尔街日报调查中提到的至少有一款应用程序，BetterMe：Weight Loss Workouts，其安卓版本会在用户的体重和身高信息输入时立刻与Facebook分享。

华尔街日报通过电子邮件和社交媒体进行询问，但BetterMe 有限公司没有回应。在2月16日，在华尔街日报联系之后，该公司更新了隐私政策，将对Facebook分析的一般性描述改为其与Facebook分享信息，以便确定“我们用户的平均体重和身高、有多少用户选择了自己身体的特定问题区域以及其他内容”

应用程序通常会集成被称为软件开发工具包或SDK的代码，这些代码可以帮助开发者集成某些特性或功能。与应用程序共享的任何信息也可以与嵌入式SDK的制造商共享。包括Facebook的SDK在内的一系列SDK，允许应用程序更好地了解用户的行为或收集数据以销售定向广告。

Facebook发言人表示，通过使用SDK来实现应用程序之间的这种数据共享是“行业标准做法”。

Facebook的SDK包含在数千个应用程序中，包括一个名为“App Events”的分析服务，允许开发者查看其用户趋势。应用可以使SDK记录用户采取的一系列标准化操作，例如用户完成购买的时间。应用程序开发者还可以为Facebook定义“自定义应用程序事件”以进行抓取——这就是华尔街日报检测到的敏感信息的发送方式。

Facebook在其网站上表示，它将SDK中的客户数据与收集的其他数据进行结合，以对广告和内容进行个性化，并用于“改善Facebook上的其他体验，包括新闻提要和搜索内容排名功能”。

但该发言人表示，Facebook没有为此目的使用哪些可以包含敏感信息的自定义事件。她说，Facebook会自动删除一些可能收到的敏感数据，例如社会安全号码。

她说Facebook正在研究如何查找违反其条款的应用程序，并建立安全措施以防止Facebook存储应用程序可能发送的敏感数据。

隐私律师表示，如果在应用程序和Facebook的服务条款中有充分的披露，非健康卫生机构收集健康数据在美国的大多数州都是合法的。东北大学法律和计算机科学教授Woodrow  Hartzog说，联邦贸易委员会对严重偏离用户预期的数据共享情况表示了兴趣，特别是如果用户难以找到任何解释的情况。

即时心率应用程序制造商Azumio的隐私政策称，该公司收集包括心率在内的健康信息，并可能向第三方服务提供商和广告提供商提供一些个人数据。但它完全没有提到会向外部实体提供从其应用程序中提取的健康信息，也没有提到Facebook是一个提供商。

该公司首席执行官Bojan  Bostjancic在一封电子邮件中表示，该公司使用Facebook分析来分析用户在应用程序中的行为，且公司在其隐私政策中公开了第三方的使用。他并没有对后续问题作出回应。

在华尔街日报联系之后，同名冥想应用程序制造商Breethe 公司停止向Facebook发送每个用户登录该应用程序时使用的电子邮件地址，以及每个完成的冥想的全名。

“很显然，Facebook的商业模式是独一无二的，不幸的是，我们并没有像我们应该的那样努力使我们的数据管理符合他们的隐私政策，”该公司联合创始人Garner Bornstein说。

在欧盟，一些敏感数据的处理，如健康或性信息，会受到更为严格的监管。欧盟新的隐私法通常要求公司在收集、处理、分享此类数据时征得明确的同意，并且以同意为使用服务的条件通常是无效的。

一些评论了华尔街日报调查结果的隐私专家表示，这些做法可能违反了该法律。 “对于敏感数据，公司基本上必须获得同意，应用程序的开发者和Facebook可能都应如此”，荷兰Radboud大学法学教授Frederik J.  Zuiderveen Borgesius说。

Facebook发言人表示，该公司遵守了欧盟隐私法。

Facebook允许用户停止授权其使用从第三方应用和网站收集的数据来定向广告。目前还没有办法可以从一开始就阻止公司收集信息，或将其用于其他目的，例如检测虚假账户。本月早些时候，德国最高反垄断执法者命令Facebook在未经许可的情况下完全停止使用这些数据，Facebook正在上诉这一裁决。

面对数据收集方面的压力，Facebook首席执行官扎克伯格去年表示，该公司将创建一个名为“清除历史”的功能，允许用户查看Facebook从应用程序和网站上收集的关于他们的数据，并从Facebook删除这些数据。该公司表示，它仍在开发实现该功能所需的技术。

从移动应用中获得的数据可能非常有价值。广告买家表示，由于Facebook对用户行为的洞察，当营销人员要寻找运动爱好者，或者在市场上购买新跑车的用户，他们的投资回报会比大多数的其他公司都要更高。此类广告的每次点击费用也更高。

这就是Facebook营收飙升的部分原因。研究公司eMarketer预计，Facebook今年将占全球3330亿美元数字广告市场的20％。

然而，在一次讨论该公司最新收益的电话会议中，首席财务官David Wehner指出，投资者应该意识到Apple和Google可能会加强对应用程序的隐私控制。他说，这种可能性是“一个我们正在为2019年监测的持续风险。”

Mark Secada，Yoree Koh和Kirsten Grind对本文做出了贡献。