JP2018147299A - Information management apparatus, information management method, and computer program - Google Patents

Abstract

An object of the present invention is to reduce the user's burden when the user confirms a privacy policy that a service provider requires the user to agree to. Kind Code: A1 An information management device stores unified expression data, which is expression data for unifying various expressions of a privacy policy, in a database, and presents it to a user based on text data of a privacy policy for which user consent is obtained. The display data for displaying the privacy policy display area and the consent designation area for designating the user's consent to the display contents of the privacy policy display area on the display screen of the terminal device is created using unified expression data, and the display data is It transmits to the terminal device of the user, receives response data indicating whether or not the consent designation area of the display data is designated from the terminal device, and records whether or not the user consents to the privacy policy based on the response data. [Selection drawing] Fig. 1

Description

  The present invention relates to an information management apparatus, an information management method, and a computer program.

  In many services, a user who wants to use a service can apply for the desired service from his / her terminal device. In general, when a user wishes to use a service, a service application screen is transmitted from the service provider. The service application screen displays user information determined by the service provider and acquired in the service. It is required to agree to the privacy policy that defines the handling. Here, the user information is, for example, personal information such as name, date of birth, address, telephone number, location information, service usage history, or individual information that can identify an individual by combining a plurality of pieces of information, This refers to information related to individual behavior and privacy information that is not desired to be disclosed. The handling of user information is, for example, whether or not the acquired user information is provided by a third party and a storage period. The user is required to agree after understanding the contents.

  Regarding a technique for accessing personal data, a technique for determining whether or not to permit access to a user's resource based on the access policy of the user when access to the user's resource is detected is known. (For example, refer to Patent Document 1).

JP 2014-178727 A

  In many cases, the disclosure of the privacy policy from the service provider to the user and the consent procedure can be performed by a GUI (Graphical User Interface). Then, for example, the user is required to determine whether or not to give consent after confirming the type of user information requested to be provided and its handling in the GUI. Each time a user applies for the use of a new service, the user must decide whether to agree to the privacy policy for that service. In addition, with the diversification and complexity of services and the sophistication of terminal devices, the types of user information that service providers want to provide are increasing, and the burden on users confirming privacy policies for consent increases. Have been doing.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to reduce the burden on the user when the service provider confirms the privacy policy that the user asks for consent.

(1) One aspect of the present invention is based on a database that stores unified expression data that is expression data that unifies expressions like a privacy policy, and text data of a privacy policy that is subject to user consent. Using the unified expression data, display data for displaying on the display screen of the terminal device a privacy policy display area to be presented to the user and an agreement designation area for designating the user's consent for display contents of the privacy policy display area. A display data creation unit to create, a communication unit that transmits the display data to the terminal device of the user, and receives response data indicating presence / absence of designation of the consent designation area of the display data from the terminal device, and the response Records the presence or absence of the user's consent for the subject privacy policy based on the data A recording unit, an information management apparatus comprising a.
(2) One aspect of the present invention is the information management apparatus according to (1), wherein the recording unit further records text data of a privacy policy with the user's consent, and the display data creation unit is the user An information management device that extracts a difference between the text data of a privacy policy to which consent is obtained again from the text data of the privacy policy with the user's consent and emphasizes the extracted difference in the privacy policy display area is there.
(3) One aspect of the present invention is the information management device according to any one of (1) and (2), wherein the recording unit further records text data of a basic privacy policy of the user, and the display data The creation unit extracts a difference between the text data of the privacy policy for which consent is obtained from the user and the text data of the basic privacy policy of the user, and emphasizes the extracted difference in the privacy policy display area. It is an information management device.

(4) According to one aspect of the present invention, the information management apparatus stores in the database unified expression data, which is expression data that unifies expressions such as a privacy policy, and the information management apparatus performs user consent. Based on the text data of the privacy policy to be obtained, a privacy policy display area to be presented to the user and an agreement designation area for designating the user's consent for display contents of the privacy policy display area are displayed on the display screen of the terminal device Display data creation step for creating display data using the unified expression data; and the information management device transmits the display data to the terminal device of the user, and the consent of the display data from the terminal device. A communication step for receiving response data indicating whether or not a designated area is designated, and the information management device , On the basis of the response data, and a recording step of recording the presence or absence of consent of the user for the subject of privacy policy, the information management method including.

(5) According to one aspect of the present invention, a database function for storing unified expression data, which is expression data for unifying expressions like a privacy policy, and text data of a privacy policy for obtaining a user's consent are stored in a computer. Display data for displaying a privacy policy display area to be presented to the user and an agreement designation area for designating the user's consent on the display contents of the privacy policy display area on the display screen of the terminal device, the unified expression data A display data creation function created using a communication function, and a communication function for transmitting the display data to the terminal device of the user and receiving response data indicating whether or not the consent designation area of the display data is designated from the terminal device And the user's privacy policy based on the response data. A recording function for recording the presence or absence of consent The is a computer program for implementing the.

  ADVANTAGE OF THE INVENTION According to this invention, the user's burden at the time of a user confirming the privacy policy which a service provider asks a user for consent can be reduced.

It is a figure which shows the structural example of the communication system which concerns on one Embodiment. It is a block diagram which shows the structural example of the privacy protection apparatus 100 which concerns on one Embodiment. It is a figure which shows the structural example of the database 1100 which concerns on one Embodiment. It is a sequence chart which shows the procedure of the example 1 of the information management method which concerns on one Embodiment. It is a figure showing an example of display screen 660 of terminal unit 10N concerning one embodiment. It is a figure which shows the structural example of the authorization setting table 1701 which concerns on one Embodiment. It is a sequence chart which shows the procedure of the example 2 of the information management method which concerns on one Embodiment. It is a sequence chart which shows the procedure of the example 3 of the information management method which concerns on one Embodiment. It is a figure which shows the example of the prior setting registration screen 560 of 10 N of terminal devices which concern on one Embodiment. It is a figure which shows the structural example of the preset table 1703 which concerns on one Embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram illustrating a configuration example of a communication system according to an embodiment. 1, the communication system includes terminal devices 101, 102,..., 10N (N is an integer of N> 0), privacy protection device 100, service providing devices T01, T02,. M is an integer of M> 0). The privacy protection device 100 is connected to a communication network 20 such as a mobile communication network, and terminal devices 101, 102,..., 10N are connected to the communication network 20. The privacy protection device 100 is connected to a communication network 50 such as the Internet, and service providing devices T01, T02,..., T0M are connected to the communication network 50.

  Note that the communication network 20 and the communication network 50 may be the same network.

  The service providing device T0M is used by a service provider to provide various services to the terminal device 10N. Hereinafter, an arbitrary terminal device among the terminal devices 101, 102,..., 10N is referred to as a terminal device 10N. Of the service providing devices T01, T02,..., T0M, an arbitrary service providing device is referred to as a service providing device T0M.

  The terminal device 10N is used by a user who desires to use the service provided by the service providing device T0M for setting operation as to whether or not the user information of the user may be provided to the service provider, and for using the service.

  The terminal device 10N according to the present embodiment may be realized by dedicated hardware, or is configured by a CPU (Central Processing Unit) and a memory, and realizes the functions of each unit. The function may be realized by the CPU executing a computer program for doing so. For example, the terminal device 10N may be a mobile communication terminal device such as a smartphone or a tablet computer (tablet PC), or a stationary communication terminal device (for example, a stationary personal computer, a cable, It may be a set top box (STB) for television broadcasting or the like.

  FIG. 2 is a block diagram illustrating a configuration example of the privacy protection device 100 according to the present embodiment. In the present embodiment, the privacy protection device 100 is an example of an information management device. In FIG. 2, the privacy protection device 100 includes a database 1100, a display data creation unit 1300, a communication unit 1500, and a recording unit 1700.

  The database 1100 stores various data used by the privacy protection device 100. The database 1100 stores, for example, unified expression data that is expression data for unifying expressions such as privacy policies. The display data creation unit 1300 creates display data to be displayed on the display screen of the terminal device 10N. The display data creation unit 1300, for example, based on the text data of the privacy policy for which the user's consent is obtained, an agreement that specifies the user's consent for the privacy policy display area to be presented to the user and the display contents of the privacy policy display area Display data for displaying the designated area on the display screen of the terminal device 10N is created using the unified expression data in the database 1100.

  The communication unit 1500 communicates with the terminal device 10N via the communication network 20. The communication unit 1500 communicates with the service providing apparatus T0M via the communication network 50. For example, the communication unit 1500 transmits the display data created by the display data creation unit 1300 to the user terminal device 10N, and receives response data indicating whether or not the consent designation area of the display data is designated from the terminal device 10N. .

  The recording unit 1700 records data. For example, the recording unit 1700 records the presence / absence of the user's consent with respect to the privacy policy to be obtained with the user's consent based on the response data received by the communication unit 1500.

  The privacy protection device 100 according to the present embodiment may be realized by dedicated hardware, or is configured by a CPU and a memory, and the CPU executes a computer program for realizing the functions of each unit. By doing so, the function may be realized. For example, the privacy protection device 100 is configured by a general-purpose computer such as a personal computer, and the computer executes a computer program for realizing the functions of each part of the privacy protection device 100 shown in FIG. It may be realized.

  FIG. 3 is a diagram illustrating a configuration example of the database 1100 according to the present embodiment. In FIG. 3, a database 1100 stores unified expression data. The unified expression data is expression data that unifies expressions like the privacy policy. The database 1100 stores unified expression data and expression contents corresponding to the unified expression data in association with each other.

  In the example of FIG. 3, the unified expression data includes a term_1 that unifies a plurality of terms_1a, term_1b, and term_1c of the privacy policy. For example, the term_1 is “name”, and is a term that unifies a plurality of terms_1a “name”, term_1b “your name”, and term_1c “first name” related to “name”. In the example of FIG. 3, the unified expression data includes a fixed sentence_2 that unifies a plurality of sentences_2a, sentences_2b, and sentences_2c of the privacy policy.

  In the example of FIG. 3, the unified expression data includes an image_3 representing the information type_3a of the privacy policy. For example, the image_3 is an image representing the information type_3a “name”. The image_3 may be an icon.

  In the example of FIG. 3, the unified expression data includes table format data_4 for creating a table of table format_4a for expressing the privacy policy.

  The database 1100 stores unified expression data in advance.

  Next, an information management method according to this embodiment will be described.

[Example 1 of information management method]
With reference to FIG. 4, Example 1 of the information management method according to the present embodiment will be described. FIG. 4 is a sequence chart showing the procedure of Example 1 of the information management method according to the present embodiment. Example 1 of the information management method is a procedure when the user requests use of a service.

(Step S11) The terminal device 10N transmits a service use start application to the privacy protection device 100 in accordance with a user operation. The service use start application is a message including a service ID and a user ID. The service ID is information for identifying a service provided by the service providing apparatus T0M. The user ID is information for identifying the user. The privacy protection device 100 receives a service use start application from the communication unit 1500. The privacy protection apparatus 100 holds the received service use start application.

(Step S12) The privacy protection apparatus 100 transmits a privacy policy transmission request including the service ID to the service providing apparatus T0M corresponding to the service ID included in the received service use start application by the communication unit 1500. The privacy protection apparatus 100 holds information that associates the service ID with the service providing apparatus T0M in advance. The privacy policy transmission request is a message including a service ID, and is a message requesting transmission of a privacy policy defined by a service provider. The privacy policy transmission request is received by the service providing apparatus T0M.

(Step S13) The service providing apparatus T0M transmits privacy policy data corresponding to the service ID included in the received privacy policy transmission request to the privacy protection apparatus 100. The privacy policy data corresponding to the service ID is text data in which a privacy policy defined by a service provider that provides a service corresponding to the service ID is described in text. The privacy protection device 100 receives privacy policy data through the communication unit 1500.

(Step S14) The recording unit 1700 of the privacy protection device 100 records the received privacy policy data in association with the corresponding service ID.

(Step S15) The display data creation unit 1300 of the privacy protection device 100 is associated with the service ID included in the service use start application received from the terminal device 10N and is stored in the recording unit 1700 (hereinafter referred to as target privacy). Display data to be displayed on the display screen of the terminal device 10N. This display data is display data (hereinafter referred to as “privacy policy display data”) for performing a display for asking the user whether or not to agree with the privacy policy of the target privacy policy data. An example of this privacy policy display data creation method will be described below.

(Example of how to create privacy policy display data)
The display data creation unit 1300 extracts key words from the text of the target privacy policy data. The key word is a word used as a word expressing the key point in the expression of the privacy policy. The key word is stored in the database 1100 in advance. The display data creation unit 1300 extracts words that match the key words in the database 1100 from the text of the target privacy policy data.

  The display data creation unit 1300 acquires unified expression data corresponding to each of the key words extracted from the text of the target privacy policy data from the database 1100. For example, in the example of FIG. 3, when the key word is the term_1a “name”, the display data creation unit 1300 acquires the unified expression data “term_1“ name ”” from the database 1100. Further, the display data creation unit 1300 acquires the unified expression data “image — 3” corresponding to the information type — 3 a “name” from the database 1100.

  When there is a sentence that matches or is similar to the expression content “text” corresponding to the unified expression data “standard text” in the database 1100 in the text of the target privacy policy data, the display data creation unit 1300 includes the unified expression data. A “standard sentence” is acquired from the database 1100. For example, in the example of FIG. 3, when there is a sentence that matches or is similar to the expression content “sentence_2a” in the text of the target privacy policy data, the display data creation unit 1300 uses the unified expression data “standard sentence_2”. Obtain from the database 1100.

  The display data creation unit 1300 acquires the unified expression data “table format data” corresponding to the expression content “table format” from the database 1100. For example, in the example of FIG. 3, the display data creation unit 1300 acquires the unified expression data “table format data_4” corresponding to the expression content “table format_4a” from the database 1100. The expression content “table format” to be applied is set in the privacy protection apparatus 100 in advance.

  The display data creation unit 1300 uses the unified expression data “term”, “image”, “standard sentence”, and “tabular data” acquired from the database 1100 to display a privacy policy display on the display screen of the terminal device 10N. Create data. FIG. 5 is a diagram illustrating an example of the display screen 660 of the terminal device 10N according to the present embodiment. The display screen 660 is a display screen displayed on the terminal device 10N by the privacy policy display data created by the display data creation unit 1300.

  In FIG. 5, the display screen 660 is configured in a table format using the unified expression data “table format data”. The display data creation unit 1300 creates the privacy policy display data of the table format screen content of the display screen 660 using the unified expression data “table format data”.

  Display screen 660 includes an application service name 615, a privacy policy display area 670, an agreement designation area 620, and a non-agreement designation area 622. The privacy policy display area 670 is configured in a table format using the unified expression data “table format data”. The display data creation unit 1300 creates privacy policy display data related to the privacy policy display area 670 using the unified expression data “table format data”.

  The privacy policy display area 670 includes “user information that the service provider requests the user to provide (hereinafter referred to as requested user information)” based on the text of the target privacy policy data. The display data creation unit 1300 analyzes the text of the target privacy policy data and determines the requested user information. The privacy policy display area 670 includes name 602, telephone number 604, mail address 606, contractor detailed information 608, family information 610, address 612, and residence information 614 as requested user information. The display data creation unit 1300 uses the unified expression data “term” as the term of the requested user information.

  The privacy policy display area 670 includes images 632, 634, 636, 638, 640, 642, and 644 for each requested user information. The display data creation unit 1300 uses the unified expression data “image” corresponding to each requested user information for the images 632, 634, 636, 638, 640, 642, 644. For example, in the example of FIG. 3 described above, the display data creation unit 1300 uses the unified expression data “image — 3” corresponding to the information type — 3 a “name” for the image 632 of the name 602.

  As an example of this embodiment, the images 632, 634, 636, 638, 640, 642, and 644 are icons. Each image (icon) 632, 634, 636, 638, 640, 642, 644 is an icon for displaying a description of the privacy policy relating to the corresponding requested user information. For example, when an image (icon) 632 having a name 602 displayed on the display screen 660 of the terminal device 10N is designated by a user operation, a description of the privacy policy related to the name is displayed. The display data creation unit 1300 includes, in the privacy policy display data, link information that associates a description of the privacy policy related to each requested user information of the target privacy policy data with an icon of each requested user information.

  The privacy policy display area 670 includes check boxes 601, 603, 605, 607, 609, 611, and 613 for each requested user information. The display data creation unit 1300 uses the unified expression data “check box image” corresponding to the information type “check box” for the images of the check boxes 601, 603, 605, 607, 609, 611, and 613.

  The unified expression data “table format data” includes information specifying each arrangement of requested user information, images (icons), and check box images. The display data creation unit 1300 displays a privacy policy display area 670 in which the requested user information, images (icons), and check box images are arranged in the display screen 660 according to the unified expression data “table format data”. Create policy display data.

  The consent designation area 620 includes a button (hereinafter, referred to as consent button) 620 representing consent. The non-agreement designation area 622 includes a button (hereinafter referred to as a non-agreement button) 622 indicating that the user does not agree. The display data creation unit 1300 uses the unified expression data “consent button image” corresponding to the information type “consent button” as the image of the consent button 620. The display data creation unit 1300 uses the unified expression data “non-consent button image” corresponding to the information type “non-consent button” as the image of the non-consent button 622. The arrangement of the consent button 620 and the non-agreement button 622 is set in advance in the privacy protection device 100 as a privacy policy display data creation rule. The display data creation unit 1300 creates privacy policy display data that causes the consent button 620 and the non-agreement button 622 to be displayed in the display screen 660 according to the privacy policy display data creation rule.

  The above is an explanation of an example of a privacy policy display data creation method. Hereinafter, the display screen 660 of FIG. 5 will be described as an example.

Returning to FIG.
(Step S <b> 16) The privacy protection device 100 transmits privacy policy display data to the terminal device 10 </ b> N that is the transmission source of the service use start application using the communication unit 1500. The privacy policy display data is received by the terminal device 10N.

(Step S17) The terminal device 10N displays the display screen 660 illustrated in FIG. 5 on its own display device based on the received privacy policy display data. The user refers to the display screen 660 and performs an operation of designating the consent button 620 when agreeing as it is. On the other hand, when the user does not agree as it is, an operation of designating the consent button 620 after inputting a check (for example, a check mark) in the check box or deleting a check (for example, a check mark) input in the check box. I do. Alternatively, the user performs an operation of designating the non-agreement button 622 when not agreeing.

  When an operation for designating either the consent button 620 or the non-agreement button 622 is performed, the terminal device 10N transmits a privacy policy consent response to the privacy protection device 100. The privacy policy consent response is response data indicating whether or not the consent button 620 is designated (whether or not the consent designation area 620 is designated).

  As an example of the present embodiment, the privacy policy consent response is response data indicating whether the consent button 620 or the non-agreement button 622 is designated. Furthermore, the privacy policy consent response is response data indicating whether or not a check is input to the check box when the consent button 620 is designated. Furthermore, the privacy policy consent response is response data indicating which check box is checked when the check button is entered when the consent button 620 is designated. In the case where the consent button 620 is designated, if all the check boxes are not checked, it indicates that the user has agreed to provide all requested user information. When the consent button 620 is specified, if a check is entered in at least one check box, the user agrees to provide only requested user information for which the check is entered in the check box. Represent.

  On the other hand, when the consent button 620 is not designated, it represents that the user has not agreed to provide the requested user information for all the requested user information. Similarly, when the non-agreement button 622 is designated, it represents that the user has not agreed to provide the requested user information for all the requested user information.

  The privacy protection apparatus 100 receives a privacy policy consent response through the communication unit 1500. The privacy protection device 100 holds the received privacy policy consent response.

(Step S18) Based on the received privacy policy consent response, the recording unit 1700 of the privacy protection device 100 records the presence or absence of the user's consent for the privacy policy of the target to obtain the user's consent. As an example of this embodiment, the recording unit 1700 includes an authorization setting table that records the presence or absence of user consent. FIG. 6 is a diagram showing a configuration example of the authorization setting table 1701 according to the present embodiment. The recording unit 1700 includes an authorization setting table 1701 for each service ID.

  In FIG. 6, the authorization setting table 1701 stores a set of user information identification information and handling rules in association with the user ID. The user information identification information is information for identifying the type of user information. The user information identification information is preset in the privacy protection device 100. The handling rule paired with the user information identification information in the authorization setting table 1701 of a certain service ID may provide the user information of the user information identification information to the service providing apparatus T0M of the service ID (possible) ) Or not.

  When the privacy policy consent response indicates that the user has agreed to provide all the requested user information, the recording unit 1700 uses the service ID authorization setting table 1701 included in the service use start application of the user. The handling rule for all user information identification information is set to “OK” in association with the user ID of the user. When the privacy policy consent response indicates that the user has agreed to provide only requested user information whose checkbox is checked, the recording unit 1700 is included in the service use start application of the user. In the service ID authorization setting table 1701, the handling rule of the user information identification information of the requested user information whose check box is input in association with the user ID of the user is set to “permitted”, and other requests The handling rule of the user information identification information of the user information is set to “No”.

  On the other hand, when the privacy policy consent response indicates that the user does not agree to provide the requested user information for all requested user information, the recording unit 1700 applies the service usage start application for the user. In the service ID authorization setting table 1701 included in the service ID, the handling rule for all user information identification information is set to “No” in association with the user ID of the user.

(Step S19) The privacy protection apparatus 100 transmits a response to the service provider regarding the user ID included in the service use start application to the service providing apparatus T0M corresponding to the service ID included in the service use start application. The response to the service provider is response data including a set of all user information identification information and handling rules associated with the user ID in the authorization setting table 1701 for the service ID. The response to the service provider is received by the service providing apparatus T0M.

  Based on the received response to the service provider, the service providing apparatus T0M associates the user ID regarding the response to the service provider and the service ID included in the privacy policy transmission request to the service provider. Records a set of all user information identification information and handling rules included in the response. The service providing apparatus T0M determines whether or not to provide the service with the service ID according to the contents of the set of the recorded user information identification information and the handling rule for the user ID. The content of the service provided when providing the service is determined.

  The above is the description of the example 1 of the information management method.

[Example 2 of information management method]
With reference to FIG. 7, Example 2 of the information management method according to the present embodiment will be described. FIG. 7 is a sequence chart showing the procedure of the example 2 of the information management method according to the present embodiment. Example 2 of the information management method is a procedure when the service provider changes the privacy policy after the above-described example 1 of the information management method is completed. In example 2 of the information management method, the privacy protection apparatus 100 extracts the difference between the text data of the privacy policy that is the target of obtaining the user's consent again and the text data of the privacy policy with the user's consent, and the privacy policy display area The extracted difference is emphasized at. It should be noted that only the key words in the extracted difference may be emphasized.

(Step S31) The service providing apparatus T0M transmits privacy policy update data corresponding to the service ID of the service whose service provider changes the privacy policy to the privacy protection apparatus 100. The privacy policy update data corresponding to the service ID is text data in which the changed privacy policy defined by the service provider providing the service corresponding to the service ID is described in text. The privacy protection apparatus 100 receives privacy policy update data through the communication unit 1500.

(Step S32) The recording unit 1700 of the privacy protection device 100 records the received privacy policy update data in association with the corresponding service ID.

(Step S33) The display data creation unit 1300 of the privacy protection device 100 is associated with the service ID included in the service use start application received from the terminal device 10N, and is updated with the privacy policy update data recorded in the recording unit 1700 (hereinafter referred to as target). Terminal device 10N based on the latest privacy policy data before change (hereinafter referred to as privacy policy data immediately before change) recorded in the recording unit 1700 in association with the service ID. Create privacy policy update display data to be displayed on the display screen. The target privacy policy update data is text data of a target privacy policy for which consent is obtained again from the user. The privacy policy data immediately before change is text data of a privacy policy with user consent. The privacy policy update display data is display data for performing a display for asking the user again whether or not to agree with the privacy policy of the target privacy policy update data. An example of this privacy policy update display data creation method will be described below.

(Example of privacy policy update display data creation method)
The display data creation unit 1300 uses the target privacy policy update data, and updates the privacy policy that causes the terminal device 10N to display the display screen 660 illustrated in FIG. 5, similarly to the example of the privacy policy display data creation method described above. Create display data. However, in the privacy policy update display data creation method, the difference between the target privacy policy update data and the privacy policy data immediately before change is extracted, and the extracted difference is highlighted in the privacy policy display area 670 of the display screen 660. .
Note that the risk level for the change in the privacy policy may be determined according to the extracted difference amount, and the risk level “high”, “medium”, or “low” may be displayed. You may judge that a risk level is so high that the difference amount before and behind the change of a privacy policy is large.

  The display data creation unit 1300 determines the requested user information changed from the privacy policy data immediately before the change in the target privacy policy update data. The display data creation unit 1300 displays the privacy policy update display data that makes the display part in the privacy policy display area 670 of the requested user information whose result of the determination has been changed more emphasized than the display part of other requested user information. Create As a display method to be emphasized, for example, the character or background color of the display portion of the requested user information to be emphasized is set to be more conspicuous than the characters and background colors of the other display portions of the requested user information. . As an example of the display method to be emphasized, the character or background color of the requested user information to be emphasized is set to a prominent color such as red or yellow, and the other parts of the requested user information to be displayed are black and the background is white. To.

  The above is an explanation of an example of a privacy policy update display data creation method.

Returning to FIG.
(Step S34) The privacy protection device 100 transmits the privacy policy update display data to the terminal device 10N that is the transmission source of the service use start application through the communication unit 1500. The privacy policy update display data is received by the terminal device 10N.

(Step S35) The terminal device 10N displays the display screen 660 illustrated in FIG. 5 on its own display device based on the received privacy policy update display data. However, in the privacy policy display area 670 of the display screen 660, the display portion of the requested user information changed from the privacy policy data immediately before change is displayed more emphasized than the display portions of other requested user information. Thereby, the user can grasp | ascertain easily the request | requirement user information changed from the content which agreed previously. The user refers to the display screen 660 and performs an operation of designating the consent button 620 when agreeing as it is. On the other hand, when the user does not agree as it is, an operation of designating the consent button 620 after inputting a check (for example, a check mark) in the check box or deleting a check (for example, a check mark) input in the check box. I do. Alternatively, the user performs an operation of designating the non-agreement button 622 when not agreeing.

  When an operation for designating either the consent button 620 or the non-agreement button 622 is performed, the terminal device 10N transmits a privacy policy update consent response to the privacy protection device 100. The privacy policy update consent response is response data similar to the privacy policy consent response in Example 1 of the information management method described above. The privacy protection device 100 receives the privacy policy update consent response through the communication unit 1500. The privacy protection device 100 holds the received privacy policy update consent response.

(Step S36) Based on the received privacy policy update consent response, the recording unit 1700 of the privacy protection device 100 changes the content of the authorization setting table 1701 if there is a change in the content of the corresponding authorization setting table 1701. Specifically, in the authorization setting table 1701, the setting of the handling rules for user information identification information that has changed among the handling rules for user information identification information associated with the user ID of the user is changed.

(Step S37) The privacy protection apparatus 100 transmits a response to the service provider regarding the user ID included in the service use start application to the service providing apparatus T0M corresponding to the service ID included in the service use start application. The response to the service provider is response data including a set of all user information identification information and handling rules associated with the user ID in the authorization setting table 1701 for the service ID. The response to the service provider is received by the service providing apparatus T0M.

  Based on the received response to the service provider, the service providing apparatus T0M associates all the users included in the response to the service provider in association with the user ID and the service ID for the response to the service provider. A set of information identification information and handling rules is recorded. As a result, the content of the user's consent to the changed privacy policy is recorded in the service providing apparatus T0M. Whether the service providing apparatus T0M provides the service of the service ID according to the contents of the set of the recorded latest user information identification information and the handling rule for the user ID, The contents of the service provided when the service with the service ID is provided are determined.

  The above is the description of the example 2 of the information management method.

[Example 3 of information management method]
With reference to FIG. 8, Example 3 of the information management method according to the present embodiment will be described. FIG. 8 is a sequence chart showing the procedure of the example 3 of the information management method according to the present embodiment. The information management method example 3 is a modification of the above-described information management method example 1. In FIG. 8, the parts corresponding to the steps in FIG. In example 3 of the information management method, the privacy protection device 100 further records text data of the user's basic privacy policy, and the text data of the privacy policy for which the consent is obtained from the user and the text of the user's basic privacy policy. The difference with the data is extracted, and the extracted difference is emphasized in the privacy policy display area.

(Step S51) The terminal device 10N transmits a preset registration application to the privacy protection device 100 in accordance with a user operation. The service use start application is a message including a user ID. The privacy protection apparatus 100 receives a preset registration application through the communication unit 1500. The privacy protection device 100 holds the received advance setting registration application.

(Step S52) The privacy protection apparatus 100 transmits the preset registration display data to the terminal device 10N that is the transmission source of the preset registration application by the communication unit 1500. The preset registration display data is created in advance and held in the privacy protection device 100. The preset registration display data is received by the terminal device 10N.

(Step S53) The terminal device 10N displays a preset registration screen on its own display device based on the received preset registration display data. FIG. 9 is a diagram illustrating an example of a pre-registration registration screen 560 of the terminal device 10N according to the present embodiment. The preset registration screen 560 is a display screen displayed on the terminal device 10N by preset registration display data.

  In FIG. 9, the preset registration screen 560 includes a preset privacy policy display area 570 and an OK button 515. The preset privacy policy display area 570 includes user information to be preset (hereinafter referred to as preset user information). The preset user information is preset in the privacy protection device 100. The preset privacy policy display area 570 includes name 502, telephone number 504, e-mail address 506, contractor detailed information 508, family information 510, address 512, and residence information 514 as preset user information.

  The preset privacy policy display area 570 includes images 532, 534, 536, 538, 540, 542, and 544 for each preset user information. Images 532, 534, 536, 538, 540, 542, and 544 are preset in the privacy protection device 100. As an example of the present embodiment, the images 532, 534, 536, 538, 540, 542, and 544 are icons. Each image (icon) 532, 534, 536, 538, 540, 542, 544 is an icon for displaying a description of the privacy policy relating to the corresponding preset user information. For example, when an image (icon) 532 of the name 502 displayed on the pre-setting registration screen 560 of the terminal device 10N is designated by a user operation, a description of the privacy policy related to the name is displayed. The preset registration display data includes link information that associates an explanation of the privacy policy related to each preset user information and an icon of each preset user information.

  The preset privacy policy display area 570 includes check boxes 501, 503, 505, 507, 509, 511, and 513 for each preset user information. Images of check boxes 501, 503, 505, 507, 509, 511, 513 are preset in the privacy protection device 100.

  The OK button 515 is a button for designating that the user agrees to provide the preset user information.

  The user refers to the pre-setting registration screen 560 displayed on the terminal device 10N, and performs an operation of specifying the OK button 515 when agreeing as it is. On the other hand, if the user does not agree as it is, an operation of specifying an OK button 515 after inputting a check (for example, a check mark) in the check box or deleting a check (for example, a check mark) input in the check box. I do. Alternatively, when the user does not agree, the user performs an operation to end the display of the pre-setting registration screen 560 without performing the operation of specifying the OK button 515.

  When an operation for specifying the OK button 515 or an operation for terminating the display of the preset registration screen 560 is performed, the terminal device 10N transmits a preset registration response to the privacy protection device 100. The preset registration response is response data indicating whether or not the OK button 515 is designated.

  As an example of this embodiment, the preset registration response is response data indicating whether or not a check has been input to the check box when the OK button 515 is designated. Furthermore, the preset registration response is response data indicating which check box is input when a check is input to the check box when the OK button 515 is designated. In the case where the OK button 515 is designated, if all the check boxes are not checked, it indicates that the user has agreed to provide all the preset user information. When the OK button 515 is specified, the user agrees to provide only the preset user information in which the check is input in the check box when the check is input in at least one check box Represents.

  On the other hand, when the OK button 515 is not designated, it indicates that the user does not agree to provide the preset user information for all the preset user information.

  The privacy protection device 100 receives the preset registration response through the communication unit 1500. The privacy protection device 100 holds the received preset registration response.

(Step S54) The recording unit 1700 of the privacy protection device 100 records the presence / absence of the user's consent for provision of the preset user information based on the received preset registration response. As an example of the present embodiment, the recording unit 1700 includes a preset table that records the presence / absence of user consent for provision of preset user information. FIG. 10 is a diagram showing a configuration example of the advance setting table 1703 according to the present embodiment.

  In FIG. 10, a preset table 1703 stores a set of user information identification information and basic handling rules in association with a user ID. The basic handling rule paired with the user information identification information in the preset table 1703 may provide the user information of the user information identification information to an arbitrary service providing apparatus T0M (possible). This is information indicating whether or not.

  When the preset registration response indicates that the user has agreed to provide all preset user information, the recording unit 1700 associates all the users with the user ID of the user in the preset table 1703. Set the basic handling rule for information identification information to “Yes”. When the preset registration response indicates that the user has agreed to provide only the preset user information in which a check is input in the check box, the recording unit 1700 displays the user's agreement in the preset table 1703. The basic handling rule of the user information identification information of the preset user information whose check box is entered in association with the user ID is set to “permitted”, and the user information identification information of other preset user information Set the basic handling rule of to "No".

  On the other hand, when the preset registration response indicates that the user does not agree to provide preset user information for all preset user information, the recording unit 1700 stores the preset registration response in the preset table 1703. The basic handling rule for all user information identification information is set to “No” in association with the user ID of the user.

  The recording unit 1700 records text data (basic privacy policy data) representing basic handling rules for each user information identification information for each user in the preset table 1703. The recording unit 1700 creates basic privacy policy data using the standard text data of the basic privacy policy data. The standard text data is preset in the privacy protection device 100. The recording unit 1700 creates basic privacy policy data by describing basic handling rules for each user information identification information at a predetermined data position in the standard text data.

  Next, steps S11 to S14 are executed. Steps S11 to S14 are the same as those in the information management method example 1. Next, step S55 is executed.

(Step S55) The display data creation unit 1300 of the privacy protection device 100 associates the privacy policy data (target privacy policy data) recorded in the recording unit 1700 with the service ID included in the service use start application received from the terminal device 10N. ) And basic privacy policy data of the user (hereinafter referred to as basic privacy policy data) recorded in the recording unit 1700, privacy policy difference display data to be displayed on the display screen of the terminal device 10N is created. To do.

  Similar to the privacy policy display data according to the information management method example 1, the privacy policy difference display data is display data for displaying to ask the user whether or not to agree with the privacy policy of the target privacy policy data. . However, the privacy policy difference display data is display data for performing display that emphasizes the difference between the privacy policy of the target privacy policy data and the basic privacy policy data. An example of this privacy policy difference display data creation method will be described below.

(Example of privacy policy difference display data creation method)
The display data creation unit 1300 uses the target privacy policy data to display the display screen 660 illustrated in FIG. 5 on the terminal device 10N as in the example of the privacy policy display data creation method described above. Create data. However, in the privacy policy difference display data creation method, the difference between the target privacy policy data and the basic privacy policy data is extracted, and the extracted difference is highlighted in the privacy policy display area 670 of the display screen 660.

  The display data creation unit 1300 determines requested user information different from the basic privacy policy data in the target privacy policy data. The display data creation unit 1300 creates privacy policy difference display data that makes the display part in the privacy policy display area 670 of the requested user information different in the determination result to be emphasized more than the display part of other requested user information. To do. As a display method to be emphasized, for example, the character or background color of the display portion of the requested user information to be emphasized is set to be more conspicuous than the characters and background colors of the other display portions of the requested user information. . As an example of the display method to be emphasized, the character or background color of the requested user information to be emphasized is set to a prominent color such as red or yellow, and the other parts of the requested user information to be displayed are black and the background is white. To.

  The above is an explanation of an example of a privacy policy difference display data creation method.

Returning to FIG.
(Step S56) The privacy protection device 100 transmits the privacy policy difference display data to the terminal device 10N that is the transmission source of the service use start application by the communication unit 1500. The privacy policy difference display data is received by the terminal device 10N.

(Step S57) The terminal device 10N displays the display screen 660 illustrated in FIG. 5 on its own display device based on the received privacy policy difference display data. However, in the privacy policy display area 670 of the display screen 660, the display portion of the requested user information different from the basic privacy policy data is displayed more emphasized than the display portions of the other requested user information. Thereby, the user can grasp | ascertain easily the request | requirement user information different from the content which agreed by the preset registration response. The user refers to the display screen 660 and performs an operation of designating the consent button 620 when agreeing as it is. On the other hand, when the user does not agree as it is, an operation of designating the consent button 620 after inputting a check (for example, a check mark) in the check box or deleting a check (for example, a check mark) input in the check box. I do. Alternatively, the user performs an operation of designating the non-agreement button 622 when not agreeing.

  When an operation for designating either the consent button 620 or the non-agreement button 622 is performed, the terminal device 10N transmits a privacy policy difference consent response to the privacy protection device 100. The privacy policy difference consent response is response data similar to the privacy policy consent response in the example of the privacy policy display data creation method described above. The privacy protection apparatus 100 receives a privacy policy difference consent response through the communication unit 1500. The privacy protection apparatus 100 holds the received privacy policy difference consent response.

(Step S <b> 58) The recording unit 1700 of the privacy protection device 100 records the presence or absence of the user's consent for the privacy policy of the target to obtain the user's consent based on the received privacy policy difference consent response. In this recording, the content of the privacy policy difference consent response is set in the authorization setting table 1701 illustrated in FIG. 6 as in step S18 of the information management method example 1.

  Next, step S19 is executed. Step S19 is the same as Example 1 of the information management method.

  The above is the description of the example 3 of the information management method.

  According to the present embodiment, since the privacy policy that the service provider asks the user for consent is presented to the user in a unified expression, the user can easily understand the privacy policy. Thereby, the effect which reduces a user's burden at the time of a user confirming the privacy policy which a service provider requires consent from a user is acquired.

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to this embodiment, The design change etc. of the range which does not deviate from the summary of this invention are included.

  For example, the privacy protection device 100 has a web page providing function, opens a web page that can be browsed by communication from the terminal device 10N, and transmits / receives data to / from the terminal device 10N through the web page. Also good. The terminal device 10N includes a web browser, accesses a web page of the privacy protection device 100 through the web browser, and transmits / receives data to / from the privacy protection device 100 through the web page.

  In the above-described embodiment, in the example 3 of the information management method illustrated in FIG. 8, a preset registration application is transmitted from the terminal device 10N to the privacy protection device 100, and the privacy protection device 100 responds to the preset registration application. Although the case where the preset registration display data is transmitted to the terminal device 10N has been described, the present invention is not limited to this example. For example, the terminal device 10N may transmit a preset registration application including preset user information to be provided to the service provider to the privacy protection device 100.

  In the above-described embodiment, the name, the telephone number, the mail address, the contractor detailed information, the family information, the address, and the residence information are given as an example of the type of user information. However, the present invention is not limited to this example. For example, as the type of user information, information indicating whether or not the promotional material can be sent by direct mail or the like may be included.

  In addition, as an example of a condition for consent for the user to provide user information, an consent condition indicating that the user confirms consent every time the user information is provided is set in the authorization setting table 1701 for each user. May be. For the user whose consent condition is set in the authorization setting table 1701, the privacy protection apparatus 100 displays a display screen for confirming consent to the user on the terminal device 10N every time the user information is provided. Display data to be displayed is generated and transmitted to the terminal device 10N, and a response to confirm the consent is received from the terminal device 10N.

  In the configuration example of the communication system illustrated in FIG. 1 of the above-described embodiment, the case where one privacy protection device is included in the communication system has been described. For example, a plurality of privacy protection devices may be included in the communication system. In this case, the plurality of privacy protection devices may have the same function or different functions.

In addition, a computer program for realizing the functions of each device described above may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read into a computer system and executed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
“Computer-readable recording medium” refers to a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a DVD (Digital Versatile Disc), and a built-in computer system. A storage device such as a hard disk.

Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 20 ... Communication network, 50 ... Communication network, 101-10N ... Terminal device, T01-T0M ... Service providing device, 100 ... Privacy protection device, 1100 ... Database, 1300 ... Display data creation part, 1500 ... Communication part, 1700 ... Recording , 1701 ... Authorization setting table, 1703 ... Pre-setting table

Claims (5)

A database that stores unified expression data, which is expression data that unifies expressions like the privacy policy,
Based on the text data of the privacy policy for which the user's consent is obtained, a privacy policy display area to be presented to the user and an agreement designation area for designating the user's consent for the display contents of the privacy policy display area A display data creation unit that creates display data to be displayed on the display screen using the unified expression data; and
A communication unit that transmits the display data to the terminal device of the user, and receives response data indicating the presence or absence of designation of the consent designation area of the display data from the terminal device;
Based on the response data, a recording unit that records the presence or absence of the user's consent for the target privacy policy;
An information management device comprising: The recording unit further records text data of a privacy policy with the user's consent,
The display data creation unit extracts a difference between the text data of a privacy policy for which consent is obtained again from the user and the text data of the privacy policy with consent of the user, and extracts the extracted data in the privacy policy display area. Highlight the difference,
The information management apparatus according to claim 1. The recording unit further records text data of the basic privacy policy of the user,
The display data creation unit extracts a difference between the text data of a privacy policy for which consent is obtained from the user and the text data of the basic privacy policy of the user, and the extracted difference is displayed in the privacy policy display area. To emphasize,
The information management apparatus according to claim 1 or 2. A step in which the information management apparatus stores in the database unified expression data, which is expression data that unifies expressions like a privacy policy;
Consent designation that designates the user's consent for the privacy policy display area to be presented to the user and the display content of the privacy policy display area based on the text data of the privacy policy for which the information management device obtains the user's consent A display data creating step for creating display data to be displayed on the display screen of the terminal device using the unified expression data;
A communication step in which the information management device transmits the display data to the terminal device of the user, and receives response data indicating presence / absence of designation of the consent designation area of the display data from the terminal device;
The information management device records, based on the response data, the presence or absence of the user's consent for the target privacy policy;
Information management method. On the computer,
A database function that stores unified expression data, which is data of expressions that unify expressions like privacy policies,
Based on the text data of the privacy policy for which the user's consent is obtained, a privacy policy display area to be presented to the user and an agreement designation area for designating the user's consent for the display contents of the privacy policy display area A display data creation function for creating display data to be displayed on the display screen using the unified expression data;
A communication function for transmitting the display data to the terminal device of the user and receiving response data indicating the presence or absence of designation of the consent designation area of the display data from the terminal device;
Based on the response data, a recording function for recording the presence or absence of the user's consent for the target privacy policy;
Computer program for realizing.

Images