laitimes

Xiaopeng Motors fine reveals the tip of the iceberg: data security governance still faces bottleneck problems

Recently, a number of consumers complained on the Black Cat complaint platform that Xiaopeng Automobile could not deliver cars on time. For example, one consumer said he ordered the Xiaopeng P5 460G version in October 2021, paid a deposit of 5,000 yuan and signed a purchase agreement. Although the sales staff told him the car would be delivered at the end of November or in December, as of January 18, 2022 he had still not been notified that a car had been allocated.

This is the second time recently that Xiaopeng has become a hot topic.

At the end of last year, Shanghai Xiaopeng Automobile Sales Service Co., Ltd. was fined 100,000 yuan by the Xuhui District Market Supervision and Administration Bureau, on the grounds that the company purchased 22 camera devices with face recognition functions and installed them in its stores to count the number of people entering each store and analyze the proportion of men and women, their ages, and so on.

According to the penalty decision of the market supervision department, from January to June 2021, Xiaopeng Automobile collected and uploaded 431,623 face photos. The company did not obtain consumers' consent, nor did it explicitly state or inform consumers of the purpose of collection and use, in violation of the Consumer Rights and Interests Protection Law.

This is just the tip of the iceberg of data security risks.

With the rapid development of mainland China's digital economy, all kinds of data have grown rapidly and accumulated on a massive scale, bringing new problems with them: the terms of use of mobile apps hide the risk of excessive collection of personal information; from online shopping to travel and transport, users are precisely profiled by big data; and data breaches caused by Trojans and other malware bring annoying harassing phone calls and text messages.

It is not difficult to see that data-related security vulnerabilities are hard to guard against, and that data security governance still faces bottleneck problems such as weak technical hardware and a lack of relevant standards.

Security protection is relatively rudimentary

As data mining and application by all parties become more and more frequent, a series of data security problems have emerged. For example: who collects the data, who distributes it, who uses it, and what are their rights and obligations? It was once unclear whether an enterprise was providing a service or disturbing users, or even endangering users' rights and interests.

In response to the above-mentioned penalty, Xiaopeng Automobile said, "In this incident, the stores in the Shanghai area hoped to improve the reception process and better serve the customers who arrived at the store through the collection and analysis of data such as the customer flow of the store, but due to their unfamiliarity with the relevant legal provisions, they mistakenly purchased and used the products of third-party suppliers (Yuluoke) who violated the relevant legal terms. Xiaopeng Automobile expressed its complete obedience to this administrative punishment and made a deep reflection on the matter."

According to the "Face Recognition Application Scenario Compliance Report", nearly half of the respondents believe that face recognition is abused, and about 80% of the respondents would prefer the government to set up regulatory agencies or to reduce risks through laws, regulations and national standards. By age, users' trust in face recognition shows an "hourglass" pattern: younger and older respondents generally distrust face recognition more.

"The level of data security protection of mainland enterprises is still in its infancy, showing two characteristics." Ren Kui, dean and professor of the School of Cyberspace Security of Zhejiang University, explained that, first, a variety of data security protection technologies have developed rapidly, but some are still at the research and development stage. For example, data lineage tracking technology and data field labeling technology are not yet mature, their impact on business operations needs further study, and large-scale application will take time. Second, institutional standards in related fields urgently need to be formulated, and the routine regulatory mechanism needs to be improved. For example, in data encryption and data masking, no unified standard has yet been formed for the methods, processes and effects of data masking; enterprises' understanding of them varies widely, and the effectiveness of data security technology in practice cannot be guaranteed.

Some companies have low awareness of data protection and insufficient means of protection, and are prone to leaking data when staff make operational errors or when they come under network attack. According to IDC's research report, half of the data is currently stored in companies' own data centers or rented third-party data centers, 22% is stored in cloud service provider data centers, and 19% is kept in edge data centers. With the increasing use of data centers in mainland China, the problems of high energy consumption and low efficiency have become increasingly prominent, and because data is exchanged more frequently, core business data and personal privacy data also face more security risks.

Clearly, the biggest challenge in harnessing the great value of data as a factor of production is how to move from protecting the security of data assets to securing data use and data circulation. Yang Zhiwei, a partner at CBC Broadband Capital, said that if data asset security, meaning the security of data storage and transmission, is the 1.0 stage of data security, then "data use security" is the 2.0 stage: who is using the data, and whether the user has violated or exceeded their authority while using it. As data flows between different users and different institutions, data security enters a new 3.0 stage of "data flow security". At this stage, the security of personal information and confidential information during data circulation between different users and different institutions must be solved before the value of data can truly be put to effective use.

When big data kills

The optimization of algorithms and the advancement of technology should be used to provide consumers with more accurate and efficient services. However, in the Internet world, some operators exploit the technical sophistication and concealment of algorithms to apply discriminatory algorithmic matching that infringes on the rights and interests of consumers. From the perspective of market position, big data "killing" (algorithmic price discrimination against regular customers) is an unequal transaction in which operators abuse their dominant market position.

Internet industries such as e-commerce, ride-hailing and food delivery are the areas hardest hit by big data killing. The controversy began with different prices being shown for goods of the same specification and model, or for the same merchant at the same distance: the more frequently a customer consumes and the stickier the product, the higher the fees the customer has to pay. This chaos is a sore point.

At present, most Internet platforms with mature big data capabilities are enterprises that hold a large market share and have relative advantages in specific service industries. Xu Tao of the School of Economics and Management at Tongji University said that anti-monopoly issues have always been the focus of supervision of Internet platforms. Under normal circumstances, consumers can switch to other platforms once they notice that an enterprise is engaging in big data killing. But once the enterprises that engage in big data killing hold a dominant market position, consumers have no choice but to continue using their products or services.

In particular, the extremely complex sales strategies devised by online platforms make it impossible for ordinary consumers to work out the actual reasonable price from hundreds of price combinations. In this situation, the difficulty of proof undermines consumers' confidence in defending their rights, and it may take a long time to obtain strong evidence. Coupled with some law enforcement personnel's lack of understanding of and experience with this new type of violation, this affects the acceptance and handling of such cases, and as a result efforts against big data killing remain only on paper.

Han Weili, deputy dean of the School of Software of Fudan University, said that big data killing uses a variety of consumption data to build labels for consumers; it is difficult to identify in online commodity transactions, and it undermines the fairness of transactions and of society.

To "scheme against" consumers, a platform must obtain sufficient consumer information. According to reports, the way platforms obtain consumer information still needs improvement. At present, platforms mainly use standard contracts to obtain consumers' permission for information collection and use. These contracts are complex and contain many terms, and consumers who cannot accept the standard contract as a package cannot obtain the platform's services. Therefore, the standard contract for information acquisition is being re-examined by the parties concerned.

The market itself faces many technical challenges. "The algorithm itself is actually neutral, and how to make the algorithm more kind requires the joint efforts of all participants." Han Weili said.

Enterprise compliance transformation is difficult

At present, as enterprise digital transformation accelerates, the evolution of new technologies and new architectures has placed higher requirements on enterprise data security.

In the view of Yan Shu, deputy director of the Big Data and Blockchain Department of the Institute of Cloud Computing and Big Data of the China Academy of Information and Communications Technology, data security supervision is becoming stricter and corporate compliance is becoming more difficult, and how to use effective means to ensure data security and compliance is a major challenge facing enterprises.

Some industry veterans have also analyzed the challenges enterprises currently face in data security. First, there is the problem of resource investment: for some business-oriented small and medium-sized enterprises, insufficient technical investment poses great challenges to data compliance governance. Second, for enterprises that are able to carry out compliance transformation, the delivery speed expected of business units is hard to reconcile with the delays caused by compliance work in infrastructure departments. In addition, some enterprise software developers have long neglected data security, and once compliance is introduced there will be a conflict between a self-righteous "engineer culture" and standardized processes and rules.

IDC predicts that between 2018 and 2025, the amount of data generated worldwide will grow from 33 ZB to 175 ZB, with more than 80% of the data being unstructured. If structured data is machine-readable data, then unstructured data is human-readable data, produced by human activities, including pictures, videos, voice, and text.

Compared with traditional structured and semi-structured data, unstructured data is huge in volume (the total amount is 3 orders of magnitude or more larger), grows faster (for every 1 KB of structured data generated, about 1 GB of unstructured data is generated in the same period), is collected through a wide range of channels, and passes through a very long data processing chain. All of this creates challenges for the security of unstructured data.

The above-mentioned industry veteran said, "A core contradiction in the processing of unstructured data is that data processors (business parties) have massive data and data value mining needs, but the technology investment of these business enterprises is often insufficient. Therefore, when building data security solutions, such enterprises need to actively introduce solutions from different roles throughout the lifecycle to work together."

"Although data security is crucial to enterprises, many enterprises still have a deep understanding of data security, security measures are not in place, and data security is not prioritized in business operations, which has buried major security risks for enterprises in the future." Ren Kui said.

In addition, Yan Shu believes that security and development are equally important, and that enterprises have relatively little experience in coordinating the two. Striking a balance between data usage and data protection is a challenge. The problems to be solved include raising awareness of the importance of data security and establishing a routine data security work and operation mechanism; strengthening the inventory of data assets and risks, identifying sensitive data assets, and protecting them effectively; and paying attention to personnel security management, improving the security awareness of all employees, and preventing illegal internal data access.

Talent support is weak

In terms of data security talents, the support of data security reserve forces is weak. "Most of the data security practitioners are transformed from network and information security talents, and the talent pool is seriously insufficient." Yan Shu said.

According to the "Network Security Industry Talent Development Report" (2021 edition), due to the impact of the COVID-19 epidemic, both the demand for and supply of talent in the network security industry declined significantly in 2020. However, demand for talent in the network security industry in 2019 and 2021 increased significantly compared with the same period of the previous year; especially in the post-epidemic period, as work and production resumed and the economy recovered, enterprises' demand for network security talent also heated up. The increase in the first half of 2021 reached 39.87%, reflecting the overall rise in the penetration of network security across industries and its significantly greater importance in the structure of talent demand.

In a talent market where demand for network security talent continues to heat up, supply is increasing steadily every year but still falls short of demand. Wang Xiaoqun, Executive Director of Recruitment Group Hays China, said, "After the relevant laws and regulations have been implemented, the explosive development of the industry will further highlight the pressure faced by Party A and Party B suppliers in the recruitment of professional talents, not only in software suppliers, network security, cloud services, social media and other subdivisions, with the acceleration of the digitalization process in all walks of life, such as financial technology, biopharmaceuticals, travel and other industries are facing a shortage of talents in the field of security."

According to the "2021 Hays Asia Salary Guide", the annual salary of network security-related grass-roots workers fluctuates between 300,000 yuan and 800,000 yuan, and the salary level is likely to have about 30% room for improvement, but the shortage of talent reserves is difficult to solve in the short term. "The current situation is 'the shortage of people on all lines', and the demand for talents on all lines is greater than the supply." Wang Xiaoqun added.

In addition to the shortage of talent, the industry also has the problem of talent being "poorly used". The continuous progress of digital technology and the digital transformation of the real economy depend on professional and innovative people who have mastered digital technology and can analyze and process data scientifically. As governments and enterprises gradually raise their requirements for data security, the demands on people's capabilities are also rising.

Wang Xiaoqun believes that data security is very similar to software development before it: it will become an indispensable infrastructure industry in the market, future jobs will be more specialized, and recruitment demand and employment prospects will remain strong for a long time.

"In the face of the complex challenges of data security, governments and enterprises need to make changes in their organization, management and technology, not only to ensure data security, but also to make data security truly serve and drive market development." Yang Zhiwei said.

Responsible Editor | Hong Yu
