The Tianjin Cyberspace Administration recently issued a circular which requires the operators of apps (including mini-programs and website tools) for the prevention and control of COVID-19 to fulfil personal information obligations in accordance with the law, provide relevant information on personal information protection online and carry out security-based self-assessments and rectification processes, where required.
The Network Security Administration of the Ministry of Industry and Information Technology (MIIT) recently interviewed the party responsible for the Sina Weblog App regarding a data breach caused by malicious use of the user query interface. Sina Weblog replied that it has upgraded its interface security strategy and will perform its data protection obligations according to MIIT's instructions.
The National Information Security Standardisation Technical Committee recently released the Network Security Standard Practice Guidelines – Guidelines for Personal Information Security Protection by Apps for public consultation. Based on the statistics released by certain assessment tools and the typical issues which have come to light due to the COVID-19 pandemic, the guidelines summarise 10 activities which app operators should avoid.
In order to protect personal information during the prevention and control phases of the COVID-19 pandemic, the Office of the Central Cyberspace Affairs Commission issued the Circular on Ensuring Effective Personal Information Protection and Utilisation of Big Data to Support Joint Efforts for Epidemic Prevention and Control. This article examines the circular's main requirements.
The National Financial Standardisation Technical Commission recently issued the Personal Financial Information Protection Technical Specification to regulate the secure management of personal financial information. Based on the damaging effects of unauthorised access to or the modification of such information, institutions without the corresponding financial qualification are not authorised to collect certain types of personal financial information.
The Ministry of Industry and Information Technology recently released the Guidelines on Classification and Grading of Industrial Data (On Trial) to guide industry and IT administrations, industrial enterprises and industrial internet platform enterprises in carrying out the classification and grading of industrial data. According to the guidelines, 'industrial data' refers to data generated and applied throughout the lifecycle of products and services in the industrial sector.
The State Administration for Market Regulation and the Standardisation Administration recently released a national standard circular to announce that the Information Security Technology – Personal Information Security Specification (Specification 2020) and seven additional national standards have been issued and will take effect on 1 October 2020. Specification 2020 was revised based on the Information Security Technology – Personal Information Security Specification which came into effect in 2018.
The novel coronavirus pneumonia has been classified as a Class B infectious disease under the Law on the Prevention and Treatment of Infectious Diseases and preventive and control measures for Class A infectious diseases have been taken. To cooperate with the state epidemic control measures and protect employees' health, employers must provide outbreak-related information on their employees, resulting in some special legal issues regarding personal information protection.
The Beijing Communications Administration recently organised a two-month examination of the network and data security of apps to target the illegal, compulsory and excessive collection of user information. The examination selected 50 apps with a certain influence and number of users, covering social media, online rental and automotive services, online education, finance, online medical care, basic telecoms enterprises and six other areas.
The Cyberspace Administration of China recently published the Administration Measures for Releasing Cybersecurity Threat Information (Draft for Comments) to solicit public opinions. According to the draft measures, the publication of cybersecurity threat information must be reported to regulators in a number of specific circumstances.
The Ministry of Education recently published the Administrative Measures for the Filing of Educational Apps. The administrative measures require providers of educational apps and institutional users of educational apps to go through filing procedures and indicate that the ministry is tightening controls on educational apps in China.
The Administrative Provisions on Online Audiovisual Information Services, which were jointly issued by the Cyberspace Administration of China and two other departments in November 2019, recently came into effect. The provisions set out requirements for the creation, distribution and transmission of audio videos based on new technologies and applications such as deep learning and virtual reality.
The Shanghai Cyberspace Administration recently released the 2019 Network Security Incident Contingency Plan. According to the contingency plan, network security incidents in Shanghai are classified as Grade I, Grade II, Grade III and Grade IV. If a network security incident occurs, the relevant entity must report it to the competent authority verbally within half an hour and in writing within one hour.
The Standing Committee of the National People's Congress recently approved the Cryptography Law. Under the law, cryptography is divided into core cryptography, ordinary cryptography and commercial cryptography. If a commercial cryptography product concerns state security, the national economy, people's livelihoods or social public interests, it will be included in the catalogue of critical network equipment and dedicated cybersecurity products under the law.
The App Governance Panel recently published a new draft of the Information Security Technology – Basic Specification for Collecting Personal Information in Mobile Internet Applications. Among other things, the new draft sets out requirements for apps that contain third-party codes or plug-ins which can collect personal data and revises the list of 'necessary' personal data for a variety of apps.
The App Governance Panel recently released a revised version of the Personal Information Security Specification for public consultation following the previous draft versions published in June and January 2019. The revised draft includes amendments regarding unsubscribing from online services and the obligations of data controllers and processors in that regard.
The People's Bank of China recently issued the Trial Measures for the Protection of Personal Financial Information/Data (Preliminary Draft) to relevant commercial banks in order to solicit their opinions. It has been reported that under the trial measures, banks and other financial institutions will be unable to obtain personal financial information from third parties that are illegally engaged in personal credit investigation activities.
The Ministry of Industry and Information Technology recently published the Guiding Opinions on Promoting the Development of the Network Security Industry for public comment. According to the opinions, the ministry aims to have a number of cybersecurity enterprises generating an annual revenue of over Rmb2 billion by 2025. As such, the opinions provide a list of recommendations to that end.
The Ministry of Education and seven other authorities recently published the Opinions on Guiding and Regulating the Orderly and Healthy Development of Educational Apps. The aim is that all educational mobile apps will be registered by the end of 2019. To this end, providers of such apps must file details of their apps with provincial education administrations and adhere to data protection rules.
The Cyberspace Administration of China recently published the draft Regulations on Network Eco-governance for public consultation. The regulations apply to the actions of network information content producers, network information content service platforms and network information content service users, which are prohibited from producing illegal or harmful information.