Draft rules on collection of personal data by apps revised
Newsletters
06 December 2019
On 25 October 2019 the App Governance Panel published a new draft of the Information Security Technology – Basic Specification for Collecting Personal Information in Mobile Internet Applications.(1) A previous draft of the specification had been published for comment in August 2019.
The new draft specifies that when an app contains third-party codes or plug-ins which can collect personal data and the data subject cannot refuse such collection, the app operator should ensure that the third-party codes or plug-ins fulfil the obligation of protecting personal information. Further, when app operators collect personal data which falls outside the agreed scope of such collection, they should obtain the data subject's consent for doing so. Consent should also be obtained if sensitive personal data is involved.
The new draft also revises the list of 'necessary' personal data for a variety of apps, such as internet payment, financial loan and exercise and fitness apps.
For further information on this topic please contact Samuel Yang or Yang Chen at AnJie Law Firm by telephone (+86 10 8567 5988) or email (yanghongquan@anjielaw.com or chenyang@anjielaw.com). The AnJie Law Firm website can be accessed at www.anjielaw.com.
Endnotes
(1) Further information is available here.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.
Authors
