Personal data collection rules updated to define app users’ ‘non-consent’
Chinese regulators issued rules to app developers on Monday spelling out what counts as non-consensual personal data collection.
Why it matters: The rules provide a more explicit reference for app developers to consult when designing apps and may help them to avoid drawing ire from regulators.
Details: The finalized document, “identification methods for illegal collection of personal information by apps” (in Chinese), follows draft rules released in May.
- The rules stipulate circumstances that count as collecting personal information unrelated to services provided, collecting information that exceeds business scope, and transferring data to others without consent.
- They also limit the time for handling related user complaints to 15 working days.
Context: A recent spate of high-profile failures to protect user privacy has spurred public outcry. Rounds of inspections ensued, with regulators taking apps offline for excessive personal data collection.
- These rules “help clients understand how to design their apps and avoid designs which would constitute non-consent and other unlawful acts,” says Samuel Yang, a data privacy and cybersecurity lawyer and partner at AnJie law firm.
- App operators argue that their use of such information is necessary to carry out their functions.
- At last week’s meeting of legislators, National People’s Congress Standing Committee member Li Feiyue said that a “huge risk to personal information security” is that some apps “excessively collect personal information or even see collecting personal information as their main purpose” (in Chinese).
- Legislators announced that work on new data security and personal information protection laws would start next year.