China is one step closer to cracking down on unscrupulous data collection by app developers. This week, the country’s cybersecurity watchdog started looking for comments about the range of user information that applications, from instant messaging to transport services, can collect.
The movement follows in the footsteps of a proposed law on data protection which was released in October and is currently under review. The comprehensive data privacy law is defined as a “ milestone ” if passed and implemented, wrote
the editorial of the China Daily, official spokesperson for the Chinese Communist Party. The law is established to restrict data practices not only by private companies, but also between government departments.
“Some personal information leaks have resulted in financial loss for individuals when that information is used to defraud the targeted person from their money,” the party newspaper said. “With increasingly advanced technology, the collection of personal information has spread to biological information, such as an individual’s face or even genes, which could have serious consequences if this information is misused. . “
Apps in China often force users to transmit excessive personal information by denying access when users refuse to give consent. The draft rules released this week put into practice by defining the types of data collection that are “legal, adequate and necessary. “
Related Downloads:
According to the project, the “necessary” data are those which guarantee the “normal operation of the basic functions of the applications”. As long as users have given permission to collect the necessary data, applications should grant them access.
Here are some examples of what is considered “necessary” personal information for different types of applications, as translated by China Law Translate.
- Navigation: location
- Shared transport: the real identity of the registered user (usually in the form of a mobile phone number in China) and location information
- Messaging: the real identity of the registered user and the contact list
- Payment: the real identity of the registered user, the bank details of the payer / payee
- Online shopping: real identity of registered user, payment details, recipient information such as name, address and phone number
- Games: the real identity of the registered user
- Dating: the real identity of the registered user and the age, sex and marital status of the person wishing to marry or date someone.
There are also categories of apps that are needed to grant access to users without collecting personal information in advance: Live Stream, Short Video, Video / Music Stream, News, Browsers, Photo Editors, and App Stores .
It should be noted that while the draft provides clear rules for requests, it does not provide details on how they will be enforced or how violators will be punished. For example, will app stores incorporate benchmarking into their approval process? Or will Internet users be the watchdog? It remains to be seen.