China issues draft rules on privacy protection for app users

Out-Law News | 30 Apr 2021 | 7:58 am | 1 min. read

The rules are drafted by China’s Ministry of Industry and Information Technology and the State Administration of Market Regulation that under the guidance of the Cyberspace Administration of China.

Under the rules apps are required to disclose to users what personal information will be collected and for what purposes. Apps cannot collect users' personal information without consent, and they should only collect users’ minimum amount of information without having the information goes beyond the scope of the user's consent or which is not related to the app's main purpose.

When necessarily providing users' personal information to the third party, apps must inform users the third party’s information of identity, contact, purpose, and method of processing and relevant information.

Users should receive a separate notification if an app processes their sensitive personal information such as about their race, ethnicity, religious belief, personal biometrics, medical health, financial accounts, and personal locations.

Apps that violate the requirements will be notified and required to rectify the issue. They will be removed from app stores if they fail to rectify an issue or if they seriously violate the rules.

E-commerce expert Leo Xin of Pinsent Masons, the law firm behind Out-Law, said: “The highlight of these draft rules is that they set out an comprehensive regulatory framework which involves all the stakeholders in the app service supply chain, for example, not only the app developers and operators, but also distribution platforms, third party service providers, mobile terminal producers as well as internet connection service providers. Each stakeholder has their own responsibilities to jointly ensure the protection of privacy.”

The regulations will be open for comment until May 26.