On 25 July 2020 the Secretariat of the National Information Security Standardisation Technical Committee (NISSIT) released the Practical Guide to Cybersecurity Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information to guide app operators in carrying out self-assessments.(1)

The guidelines provide 28 self-assessment items in total, covering whether:

  • the rules on collection and use of personal information are made public;
  • the purpose, method and scope of collection and use of personal information are clearly stated;
  • the collection and use of personal information is subject to the user's consent;
  • the principle of necessity is complied with, under which only personal information in relation to the services being provided is collected;
  • the provision of personal information to others is subject to the user's consent; and
  • functions for deleting or correcting personal information are provided or methods for making complaints are made public.

The guidelines are based on:

  • the Method for Identifying the Illegal Collection and Use of Personal Information by Apps jointly issued by the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation; and
  • the Guide to the Self-Assessment of Illegal Collection and Use of Personal Information by Apps issued by the App Governance Panel.

Endnotes

(1) See here.