China’s National Information Security Standardization Technical Committee (NISSTC) issued a draft management guideline that regulates the processing of personal data by mobile internet applications, as reported by Caixin on June 14. The document requires the operating systems of mobile terminals (MTs) to inform users when apps use and collect their personal information, provide users with records of personal information reading, and help users optimize their data authorization scope. The draft guideline also demands that operating systems alert users with obvious notifications when apps apply for access to reading sensitive data, such as using the microphone, camera, and GPS. The draft guideline is soliciting public opinions until August 12.
The draft guideline was jointly drawn up by Huawei, NISSTC, and China Cybersecurity Review Technology and Certification Center (ISCCC). Other major smartphone producers in China, such as Oppo, Vivo, Xiaomi [1810:HK], and Samsung [005930:KS] also participated in the guideline’s formulation. The initiatives included in the guideline will be trialed in the mobile devices produced by the above companies at first before they apply to other terminal manufacturers. The management guideline is intended to cooperate with China’s Personal Information Protection Law. According to the specification of the guideline, the abuse of personal information by mobile internet apps is ubiquitous for a lack of relevant regulations. So far this year, China’s Ministry of Industry and Information Technology (MIIT) has inspected 3.22m apps over violating users’ rights and interests and removed around 3,000 substandard apps from app stores.