On 30 March 2020 the National Information Security Standardisation Technical Committee released the Network Security Standard Practice Guidelines – Guidelines for Personal Information Security Protection by Apps for public consultation.(1) The consultation period ended on 13 April 2020.
Based on the statistics released by certain assessment tools and the typical issues which have come to light due to the COVID-19 pandemic, the guidelines summarise 10 activities which operators of apps (including mini programs and apps to prevent or control COVID-19) should avoid – namely:
- collecting personal information beyond the agreed scope;
- making it impossible for users to deregister or imposing unreasonable deregistration conditions;
- forcing users to consent to a package of processing activities;
- failing to have a privacy policy;
- obtaining consent via a preset checkmark;
- failing to expressly state the rules on the use of personal sensitive information;
- failing to have a clear purpose for collecting personal information;
- failing to have a function to delete or correct personal information or any complaint channels;
- acting in a manner inconsistent with the privacy policy; and
- failing to inform data subjects of and obtain their consent for data collection by third-party software development kits.
Endnotes
(1) Further information is available here.
