China Limits Scope of Mobile Apps’ Collection of Personal Data

Get the latest APAC ESG insights straight to your inbox

Email must be formatted correctly

Contact Us
  • Twitter

  • Linkedin

  • China Limits Scope of Mobile Apps’ Collection of Personal Data

    Share this article

    The Cyberspace Administration of China unveiled draft guidelines to limit the scope of how and when mobile apps can collect personal data, as reported by on December 2, 2020. The set of draft rules covers 38 types of apps from online payment and instant messaging to ride-hailing and food delivery. According to the draft, apps should inform users of the type of personal information they collect and ask for their consent before collecting data. Apps shall not refuse user installation and use as long as the user agrees to provide the necessary personal information, which refers to personal information necessary to ensure basic functions of the app. Currently, the draft is open for public comments.

    Taking a financial app as an example, access to a user’s list of contacts, location information and camera are excluded in the scope of necessary personal information. Meanwhile, only map navigation apps and ride-hailing apps may collect a user’s location information.

    In recent years, app’s requiring compulsory authorization of access to private data, and excessive claims to rights over a range of personal information have become commonplace in China. Illegal use of personal information such as trading of and leaks in data make users exposed to high risk. Individual users are often harassed by spam message and calls, while some are even cheated to the point of losing property or experience physical security concerns.

    This is not the first time that Chinese regulators have defined the scope of personal information that mobile apps may collect, in order to minimize the problems that every day users are experiencing. In June 2019, the National Standardization Technical Committee on Information Security also defined the scope of necessary personal information to be collected by apps. It is believed that once the draft is approved, the previous guidelines will be replaced.