The Cyberspace Administration of China (CAC) published a notice on its official website on May 21, naming 105 mobile apps for illegal collection and use of personal data. The notice stated that the CAC launched an investigation on commonly-used apps after receiving complaints from users regarding personal data infringement. Apps mentioned in the notice included popular short video apps like ByteDance’s Douyin and Kuaishou [1024:HK], search engine apps like Baidu [BIDU:US], and recruiting apps like LinkedIn and Zhaopin. As a result, CAC demanded that operators of mentioned mobile apps must rectify the violation and report to the department within 15 business days of the notice’s publication date.
The CAC regularly releases similar notices to hold application providers accountable. Previously, on May 10, 84 mobile apps including Mobile Manager by Tencent [0700:HK] and Money Shield by Alibaba [BABA:US] were called out on gathering information from users without consent and demanded to rectify their practices. Ding Jihua, an expert on the China Council for the Promotion of International Trade (CCPIT), remarked that mobile apps might be driven by commercial profit to over-collect personal data for market analysis. This tendency was due to the lack of clear external regulations, severe penalty, and awareness of personal information protection on the side of users and app operators, making it too easy to harvest excessive amount of data.
In response, Chinese authorities have been fine-tuning regulations and setting clearer, more effective guidelines. On May 1, the Guidelines on the Scope of Necessary Personal Information for Common Mobile App Types went into effect, outlining the range of personal data deemed necessary for 39 types of mobile apps and emphasizing that operators should not deny core services if users decline the provision of unnecessary personal information. Meanwhile, He Yuan, executive director of Data Law Research Center at Shanghai Jiao Tong University, pointed to increasing violation penalty as the key to reforming the sector. Correspondingly, China’s Personal Information Protection Law, of which a second draft was released on April 29, is expected to provide stricter penalty and more specific guidelines on the collection of personal data and curb violations in the future.