The Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") has recently enacted and issued the Practical Guide to Cyber Security Standards: Guidelines for the Safety Protection of Personal Information on Mobile Internet Applications (App) (Draft for Comment) (the "Draft for Comment") for public comment by April 13, 2020.
The Draft for Comment lays out the specific circumstances related to ten problems, including collecting personal information beyond the permitted scope, being impossible to cancel the registration of a user account or setting unreasonable conditions for such cancellation, and compelling users to grant authorization, and the corresponding precautionary measures. Among others, the Draft for Comment proposes that specific scenarios of APP's collection of personal information beyond the permitted scope include but are not limited to collecting irrelevant information, collecting non-essential information forcibly, and collecting information at an unreasonable frequency. In addition, the precautionary measures for such problem include but are not limited to seven measures, such as "not collecting personal information irrelevant to App services, not demanding the system authorization irrelevant to App services (such demand is not allowable even if the user is given an option to refuse to grant authorization)" and "observing the minimum necessity principle to collect/demand personal information/system authorization directly related to App services".