The National Information Security Standardization Technical Committee ("NISSTC") has recently issued the Information Security Technology - Basic Specification for Collecting Personal Information in Mobile Internet Applications (App) (Draft for Comment) (the "Draft for Comment") for public comment by March 20, 2020.
To address current issues concerning personal information protection associated with mobile internet applications (App), such as default authorization, bundling, collection of information beyond the authorized scope, the Draft for Comment sets forth the management requirements and technical requirements for collection of personal information by Apps, and the minimum necessary information collectable by Apps that offer common services such as navigation, online ride sharing, and instant messaging, thus providing a technical guidance on efforts to further regulate the collection of personal information in mobile internet Apps. Among others, the Draft for Comment prescribes that collection of personal information in an App requires the fulfillment of multiple requirements, including two requirements reading "the App operator shall perform its duties to safeguard the safety of personal information and take necessary measures to ensure the safety of personal information" and "the rules for how to collect personal information in an App should be made public in the App's privacy policy or by other means".