由于网络安全服务行业独特的技术原理及激烈的市场竞争，加之我国有关用户数据利用与保护立法构建、行业自律和民众意识等诸多方面缺失的原因，网络安全服务行业对用户数据的利用与保护存在着诸多问题。网络安全服务行业基于保障安全功能的实现和提供高效便捷服务的需要，具有收集和利用用户数据必要性，不能简单的禁止网络安全服务商对用户数据的收集与利用来解决存在的过分收集、不当利用、数据泄露等问题。本文通过对网络安全服务商收集和利用用户数据的范围、分类、法律属性分析和明确，借鉴域外对用户数据的利用与保护的经验，总结出我国网络安全服务行业中用户数据利用与保护的完善建议——一方面构建一整套网络安全服务行业中用户数据利用与保护的原则与规范，对网络安全服务商收集与利用用户数据的行为进行引导和约束，维护用户权益的同时促进网络安全服务行业发展。另一方面，在现有的民法法律框架下，针对网络安全服务行业收集与利用用户数据的特点，尝试从侵权责任和违约责任两个角度明确网络安全服务商的责任，以维护用户的合法数据权益。本文分为五个部分，第一部分对网络安全服务行业的运作原理进行介绍，明确了网络安全的界定、网络安全服务行业的技术原理。第二部分是网络安全服务行业中用户数据利用与保护的考量。分析了收集与利用用户数据的必要性，收集与利用的用户数据的分类，并从民法的角度界定了其法律属性。第三部分是我国网络安全服务行业中用户数据利用与保护的现状及存在问题的介绍，表明我国网络安全服务行业对用户数据的利用与保护方面存在立法和实践上的不足，诸多问题的产生亟需解决。第四部分是域外用户数据利用与保护的研究，从立法和实践两个角度进行介绍，并对其进行评析与借鉴，达到“他山之石，可以攻玉”的目的。第五部分依据前四个部分对我国的网络安全服务行业中用户数据利用与保护提出对策，包括在现有的民法法律框架下对用户数据的利用与保护提出对策以及在用户数据利用与保护方面构建原则与规则对其进行引导和约束，希望能解决当前我国网络安全服务行业收集与利用用户数据存在的问题，也为用户数据利用与保护的理论研究尽一份绵薄之力。

On account of the unique technology principle and fierce market competition of the service industry of network security, together with legislative construction of user data, industry self-regulation, public awareness and many other aspects, there are plenty of issues in the service industry of network security.In consideration of safety function, prosperity and development of the service industry of network security, it is necessary to collect and utilize user data. Instead of simple prohibition of collection, we should analysis and clear the range, the property and the legal relationship of the collection and utilization. And we also need to use the experience of other countries for reference，extract perfect suggestion for the service industry of network security in our country, and finally take both utilization and protection of user data into consideration. On the one hand to build a set of principles and norms of network security services industry, utilization and protection of user data and behavior of the network security service provider to collect and use data to guide the user and constraints, safeguard the interests of user data, while promoting the development of network security services industry. On the other hand, under the existing legal framework of civil law, tort liability and try from two angles clear breach of network security provider's responsibility to achieve the proper utilization and protection of user data purposes.This paper includes five sections, the first section is the introduction of the service industry of network security, including a clear definition of network security, technical principles of network security services industry. Section two is network security services industry consideration and the use of user data protection. It analyzes the necessity of user data collection and use, and defines the legal property of the collected data from the user point of view of civil law. Section three is the status quo and problems of our network security services industry in the user data utilization and protection, suggesting that inadequate legislation and practice of network security services industry exists on the use and protection of user data, resulting in many problems produce should be solved. Section four is a study aiming at the collection and utilization of user data that compares our country with others. We use the experience of other countries for reference to extract perfect suggestion for the service industry of network security in our country. The last section concludes the first four sections, extracting the perfect suggestion for the service industry of network security in our country, which mainly includes under the existing legal framework on the use of civil law to protect user data and coming up with strategies and building principles and rules in the use and protection of user data and constrainting to guide them. Hopefully this paper would help solve the issues of the service industry of network security in our country, meanwhile making a contribution to the theoretical research for the collection and protection of user data.