Activities that constitute illegal collection and use of personal data via Apps are clarified

To implement the data protection requirements under the PRC Cybersecurity Law, the Cyberspace Administration of China together with a few other relevant government authorities published the Guidance for Identifying Illegal Collection and Use of personal Data via Mobile Applications to facilitate the relevant enforcement actions on 30 December 2019. The Guidance describes 31 specific types of illegal activities and divides them into 6 categories. Please see below for examples of activities that the Guidance has classified as illegal:

• Where the rules or policies concerning the collection and use of personal data are:
  • not shown to users via pop-up windows or other noticeable ways before they can use the App for the first time; or
  • not presented to users within 4 clicks after they open the home page of the App; or
  • not available in simplified Chinese.
• Where the App:
  • sets the users’ consent as a default option (e.g. keeping the “I agree” button automatically clicked);
  • does not inform the users of the purpose, method and scope of the collection and use by third party SDKs and APIs;
  • keeps requesting users’ consent on an unreasonably frequent basis after they have refused to give the consent;
  • does not provide users the option to withdraw the consent given;
  • does not give the users the option of receiving pushed information that is not based on user profiling;
  • requests collecting personal data merely for the purposes of improving service levels, upgrading user experience, pushing targeted messages or developing new products;
  • shares personal data with third parties without either obtaining users’ consent or having the data anonymised; or
  • fails to process users’ request to correct or delete their personal data within 15 working days.

Since the beginning of 2019, enforcement against illegal personal data collection and use via mobile applications has been a focus of the regulator. This trend will likely continue considering that the total amount of mobile network users have reached around 850 million and considering the fast development of the 5G network in China.

Please click here for a full version of the Guidance (Chinese only).