2020.01.17 DONG, Xiao (Marissa); YUAN, Qiong
Two years have passed since the Cybersecurity Law came into effect. The rules and regulations on cyber security and information protection, as well as their enforcement, have become increasingly thorough. Apps are a potential disaster area, particularly when App operators over-collect personal information, and this is why regulators have reinforced the regulation of Apps by promulgating detailed requirements. They have increased evaluations and made various orders, which are summarized as follows:
1. Rules and Regulations
In addition to the Cybersecurity Law and other applicable national standards, in 2019, the Cyberspace Administration of China (“CAC”), the Ministry of Industry and Information Technology (“MIIT”), the Ministry of Public Security (“MPS”) and the State Administration for Market Regulation (“SAMR”) (hereinafter collectively referred to as the “Four Administrations”) promulgated the following regulations (or drafts) specific to personal information collection and use in the field of Apps:
(1) Circular concerning Special Campaigns against the Illegal Collection and Use of Personal Information by Apps [1];
(2) Circular concerning App Security Certification [2];
(3) Guidelines for Self-Examination of Apps on the Illegal Use of Personal Information [3];
(4) Rules on the Determination of Illegal Collection and Use of Personal Information by Apps [4];
(5) Information Security Technology --- Basic Rules on Personal Information Collection by Mobile Internet Applications (Apps) (Draft) [5].
2. Status of Law Enforcement
The Four Administrations jointly or individually carried out a series of law enforcement campaigns for personal information protection during the period from January to December of 2019. For example:
(1) The Four Administrations carried out special campaigns against the illegal collection and use of personal information by Apps, established special App campaign committees, provided channels for reporting the illegal collection and use of personal information, evaluated hundreds of Apps, and in serious cases ordered the non-compliant Apps to make corrections [6];
(2) In the first quarter of 2019, MIIT organized a spot check on 106 Internet services provided by 100 Internet enterprises, and ordered the relevant enterprises to correct their failure to publish rules on the collection and use of users’ personal information, their failure to provide channels for users to access and revise information, and their failure to provide functions for users to cancel their accounts, etc. [7];
(3) In March 2019, SAMR carried out a campaign called ‘To Protect Consumers’ --- A Special Law Enforcement Campaign against the Illegal Infringement of Consumers’ Personal Information, with a focus on the illegal infringement of consumers’ personal information in the field of consumption [8];
(4) In 2019, MIIT initiated the ‘Special Campaign against the Infringement of Users’ Rights by Apps’ [9] and other campaigns to crack down on the illegal collection of personal information, the illegal use of personal information, unreasonable requests for access from users, the creation of obstacles to prevent account cancellation, and other misconduct by Apps.
In these enforcements, a number of Apps [10] were condemned publicly for their non-compliance, including their failure to publish rules on the collection and use of users’ personal information, their failure to provide channels for users to access and revise their information, their failure to provide functions for users to cancel accounts, their unauthorized collection of personal information, their unreasonable requests for access, their unauthorized sharing of information with third parties, etc.
3. Key Regulatory Requirements
In accordance with the said regulations and the enforcement thereof, App operators need to focus particularly on the following requirements:
(1) An App shall, through pop-ups or other eye-catching displays, instruct the user to read the privacy policy when the user runs the App for the first time, and shall not obtain the user’s consent by assuming default acceptance of the privacy policy where the user makes no selection, or in any other implied manner;
(2) The purpose, method, scope and other details of the collection of personal information by the App (including any entrusted third party or any embedded third party code or plug-in) shall be specifically indicated in the App’s privacy policy;
(3) When requesting permission to access personal information on a mobile phone, or requesting to collect sensitive personal information, the App shall at the same time notify the user of the purpose;
(4) The App shall not collect personal information, or change the ‘allow or deny’ access status for personal information set by the user, without the user’s consent;
(5) When sending targeted pushes by using the user’s personal information and algorithms, the App shall provide an option for the user to reject such targeted pushes;
(6) The App shall provide the user with the means or methods to withdraw their consent to personal information collection;
(7) The App shall provide functions for the user to deregister their account; and
(8) The App shall not force the user to permit the collection of any unnecessary information or enable any unnecessary access on a mobile phone.
4. Compliance Suggestions
In the said law enforcements, all the non-compliant App operators were warned or ordered to make corrections within a required time limit or be shut down or removed from App stores. Personal information protection has become an essential concern of App operators with respect to their compliance.
We suggest that any App operator that has not conducted a self-examination, audited the entire process of the collection and usage of personal information, or updated its privacy policy in accordance with the said regulations should consider taking the following actions to ensure the compliance of its App on an ongoing basis:
(1) Confirm and check the entire process of data collection and use in the App, including the type, scope, scenario and reason for collection, and the method and scope of use;
(2) Carefully consider and check the necessity of sharing, the contractual arrangements and the assumption of liability with respect to the sharing of personal information with third parties;
(3) Evaluate and justify the relevant arrangements from various aspects such as collection, usage, duration of storage, and place of storage; and
(4) Make corrections and update the privacy policy.
In addition to Apps, we also suggest updating and improving other online tools, including websites and WeChat mini programs, by reference to the regulatory requirements on Apps.
We will keep our eye on any further requirements on the compliance of online tools.
1. http://www.cac.gov.cn/2019-05/23/c_1124532020.htm
2. http://www.gov.cn/xinwen/2019-03/15/content_5373928.htm
3. https://mp.weixin.qq.com/s/u2XZn02SJkOvzeNSdzJiEA
4. http://www.cac.gov.cn/2019-12/27/c_1578986455686625.htm
5. https://mp.weixin.qq.com/s/y8EUsg9-vDMM优德88中国官方网站VuHR2ZEA
6. https://tech.huanqiu.com/article/9CaKrnKkL7M, http://media.people.com.cn/n1/2019/0528/c40606-31105680.html
7. http://www.miit.gov.cn/n1146295/n1652858/n1652930/n4509627/c7021505/content.html
8. http://www.samr.gov.cn/xw/xwfbt/201911/t20191118_308613.html
9. http://www.gov.cn/fuwu/2019-11/07/content_5449660.htm
10. http://m.ccidcom.com/yaowen/20190705/NuighyttSvE1F7nXH16qaia44y0ts.html, http://www.xinhuanet.com/fortune/2019-12/19/c_1125365352.htm, http://miit.gov.cn/n1146290/n1146402/n1146440/c7619663/content.html