基于关联规则挖掘的移动应用程序个人信息过度收集治理研究  

作　　者：傅予 张卫 张溪瑨 Fu Yu;Zhang Wei;Zhang Xijin(Renmin University of China,Beijing 100872;Information Analysis Research Centre of RUC,Beijing 100872;People’s Public Security University of China,Beijing 100038)

机构地区：[1]中国人民大学信息资源管理学院,北京100872 [2]中国人民大学智能信息分析研究中心,北京100872 [3]中国人民公安大学法学院,北京100038

出　　处：《情报理论与实践》2025年第2期56-65,共10页Information Studies:Theory & Application

基　　金：国家自然科学基金项目“基于计算社会科学范式的旅游舆情自动内容分析方法与应用研究:以旅游危机沟通为例”(项目编号:72004224);国家自然科学基金项目“网约车平台数字化监管治理机制与政策研究”(项目编号:72434006)的成果。

摘　　要：[目的/意义]在大数据和移动互联网环境下,个人信息保护已成为国家信息治理现代化的重要组成部分。随着《中华人民共和国个人信息保护法》正式实施,我国信息安全保障体系进一步完善。然而,在个人信息保护实践中,移动应用程序过度收集个人信息的现象屡见不鲜,科学有效的个人信息保护策略亟待探索。[方法/过程]以《中华人民共和国个人信息保护法》的最小必要原则为切入点,基于478款热门应用程序的功能服务类型和信息权限获取数据,提出服务—权限二元有向关联规则挖掘方法,量化界定个人信息收集最小必要的合理范围。进一步采用交叉分析和用户生命周期理论模型分析个人信息过度收集的行为特征和主要动因,提出相应的治理策略。[结果/结论]对于不同功能服务类型的应用程序,信息收集行为特征共性与特性并存;个人信息过度收集行为的主要动因包括精准用户画像、注意力资源抢占、社交网络介入等。在个人信息保护实践中,可综合使用精细描述、动态预警、分而治之和预防监管策略,提升个人信息保护效能。[Purpose/significance]In the context of big data and mobile internet,personal information protection has become an essential part of the modernization of national information governance.With the official implementation of the Personal Information Protection Law,China’s information security system has been further enhanced.However,in practice,the phenomenon of excessively collecting personal information in mobile applications is not uncommon,and there is an urgent need to explore scientific and effective personal information protection strategies.[Method/process]Taking the minimum necessary principle of personal information collection as the starting point,this study proposes a Service-Permission binary directed Association Rule Mining method(SPARM)to quantitatively determine the reasonable scope of minimum personal information collection based on the functional service types and information permission acquisition data of 478 popular applications.Furthermore,cross-analysis and the user life-cycle theory model are utilized to analyze the behavioral characteristics and main motivations of excessive personal information collection,aiming to propose corresponding personal information protection strategies.[Result/conclusion]The study finds that for applications with different service types,there are both commonalities and specificities in the characteristics of information collection behavior.The main motivations of excessive personal information collection include precise user profiling,attention resource preemption,and rapid involvement in social networks.In the practice of personal information protection,strategies such as fine description,dynamic warning,divide and conquer,and prophylactic regulation can be used comprehensively to enhance the effectiveness of personal information protection.

关 键 词：个人信息保护 信息安全 信息治理 移动应用程序 关联规则挖掘 

分 类 号：D922.16[政治法律—宪法学与行政法学]