MIIT to crack down on SDK plug-ins' unlawful collection and use of personal data

On 16 July 2020 China Central Television's (CCTV's) 3.15 programme exposed that third-party software development kit (SDK) plug-ins for mobile phones were collecting and using users' personal information. It was reported that technicians found that the SDK plug-ins from two companies (ie, Credit X and Zhaocai Dog) which are embedded in more than 50 apps were collecting user information without prior notice.

In response, the Ministry of Industry and Information Technology (MIIT) immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.(1) The MIIT ordered:

• the Beijing Communications Bureau and the Shanghai Communications Bureau to inspect the two companies involved;
• third-party testing institutions to conduct technical testing on more than 50 apps that use the above SDKs; and
• major domestic application stores (eg, Alibaba, Tencent, Baidu, Huawei, Xiaomi, OPPO, vivo and 360) to conduct thorough investigations into similar problems as soon as possible. Apps found to have problems should be removed as soon as possible. App stores must also promptly instruct app developers to conduct self-examination and self-correction to promptly discover and process SDKs that unlawfully collect and use users' personal information.

As a next step, the MIIT will adopt normalised regulatory measures to strengthen the comprehensive management of apps. The MIIT will also increase the management and investigation of various unlawful activities (eg, the collection and use of users' personal information without consent) to effectively protect users' legitimate rights and interests.

For further information on this topic please contact Samuel Yang or Yang Chen at AnJie Law Firm by telephone (+86 10 8567 5988) or email (yanghongquan@anjielaw.com or chenyang@anjielaw.com). The AnJie Law Firm website can be accessed at www.anjielaw.com.

Endnotes

(1) See here.