双语：中国过半网贷公司滥取用户隐私数据

　　对200个金融应用进行的调查显示，111个应用的合规水平为“低”。违规行为包括读取短信和从用户的通信录收集电话号码，这些电话号码可能被用于骚扰造势，羞辱用户让其还款。

　　More than half of Chinese internet finance lenders are failing to comply with data privacy regulations, research has found, raising risks for investors as China steps up the implementation of laws to protect consumer data.

　　研究发现，超过半数的中国互联网金融贷款公司未能遵守数据隐私规定，给投资者带来风险。目前中国正在加大力度实施保护消费者数据的法律。

　　The breaches include collecting phone numbers from users’ contact lists, which can be used to mount harassment campaigns and shame users into repaying debts.

　　这些违规行为包括从用户的通信录中收集电话号码，这些电话号码可能被用于骚扰造势，通过羞辱用户来敦促其还款。

　　The survey of 200 finance apps by Renmin University and Nandu Personal Data Protection Research Centre, a Beijing think-tank, ranked 111 apps as having “low” compliance.

　　中国人民大学(分数线,专业设置)和北京智库-南都个人信息保护研究中心(Nandu Personal Data Protection Research Centre)对200个金融应用进行的调查显示，111个应用的合规水平为“低”。

　　It found that almost half - 95 apps - wanted to read users’ text messages, while 97 of them wanted access to users’ contact lists, despite such access not being necessary for the app’s functioning.

　　调查发现，几乎有一半-95个应用-试图读取用户的短信，而97个应用试图访问用户的通信录，尽管此类访问对于这些应用的正常运行并不必要。

　　By asking users for such information, the app providers are brushing against the country’s new personal information security standard to be implemented on May 1, which specifies that companies should seek the minimum information needed to make their apps work.

　　应用提供商要求用户提供此类信息，违反了中国即将于5月1日实施的《个人信息安全规范》。这一新标准规定，企业只能收集使其应用正常运行所需的最少信息。

　　“Investors should certainly expect more government scrutiny on their business model from a data protection perspective,” said Luo Yan, special counsel at the Covington & Burling law firm in Beijing.

　　“投资者肯定应该预计到，政府将从数据保护的角度对他们的商业模式进行更多的审查，” 美国科文顿.柏灵律师事务所(Covington & Burling law firm)驻北京的资深律师罗嫣表示。

　　Among the worst-scoring companies in the report are two of the world’s largest banks, Bank of China and China Construction Bank. Other offenders named were Yidai Credit, which is backed by SoftBank China, and the New York-listed Qudian.

　　报告中得分最低的公司包括两家全球大型银行-中国银行(Bank of China)和中国建设银行(China Construction Bank)。其他违规公司包括由软银（中国）(SoftBank China)支持的宜贷网(Yidai Credit)和在纽约上市的趣店(Qudian)。

　　Many apps lacked a privacy agreement that was available upon registration to explain what user data would be protected, leaving the user with little recourse if their details were leaked or misused.

　　许多应用在用户注册时，没有提供解释哪些用户数据将会受到保护的隐私协议。如果用户的详细信息被泄露或被滥用，他们几乎没有任何追索权。

　　Although all the apps surveyed collect sensitive financial data, most also ask for permission to access user data that is not needed for the functioning of the app, the report found.

　　报告发现，尽管所有被调查的应用都收集了用户的敏感财务数据，但多数应用还要求允许其访问应用正常运行并不需要的用户数据。

　　For example, more than half of the Android apps - including that of Bank of China - wanted microphone access, despite none having a voice input option, the researchers found.

　　例如，研究人员发现，超过半数的安卓(Android)应用-包括中行的应用-希望使用用户的麦克风，尽管这些应用并没有语音输入选项。

　　“The attitude of the vast majority of [companies] is ‘no matter whether we need the data or not, let’s collect it first and then decide’,” said Nadiya Ni, lead author of the report.

　　该报告的主要作者Nadiya Ni表示：“绝大多数（公司）的态度是，‘不管我们是否需要这些数据，我们先收集到手再说，然后决定如何使用’。”

　　Internet finance companies have a history of using personal information to shame debtors into repayment. Intrusive techniques to hound debtors - such as one debt-collecting “granny gang” who shamed and intimidated borrowers into repayment - have blossomed in the absence of a comprehensive credit-scoring system.

　　互联网金融公司有使用个人信息来羞辱借款人、以促使其偿还贷款的历史。在缺乏全面的信用评分体系的情况下，不停骚扰债务人的侵扰式方法-比如采用羞辱和恐吓方式促使借款人还钱的“大妈讨债团”应运而生 。

　　The privacy policy of one online lender, Ideal Treasure, stipulates that in the case of non-payment, the company has the right to share data with third parties, “based on their own judgment”. Ideal Treasure said it “began to improve compliance in strict accordance with regulations from 2017”.

　　网上贷款公司理想宝科技有限公司(Ideal Treasure)的隐私政策规定，如果借款人不还款，公司有权“根据其自己的判断”与第三方分享用户数据。理想宝表示，从2017年开始，公司“开始严格按照监管规定来改善合规水平”。

　　Bank of China said its app “strictly follows the laws and protects the rights of users”, adding that the installation process notifies users about its data collection policies and users sign physical copies of agreements when they open online accounts.

　　中行指出，其应用“严格遵守法律，保护用户的权利”，并补充说，安装过程中会向用户通报其数据收集政策，且用户在开通网上账户时，要签署协议的实物副本。

　　Qudian said it “attaches great importance to personal data protection and has built a strict personal information protection system”. The group’s user agreement states that the company protects personal data, “unless we get [users’] approval or we have to provide it because of legal obligations”.

　　趣店表示，其“非常重视个人数据保护，并建立了严格的个人信息保护系统”。该集团的用户协议指出，该公司保护个人数据，“除非获得（用户的）允许，或根据法律义务的要求不得不提供。”

　　China Construction Bank and Yidai did not respond to requests for comment.

　　建行和宜贷网没有回应记者的置评请求。