China’s cybersecurity watchdog caught 33 map and text applications provided by Baidu Inc., Alibaba Group Holding and Tencent Holdings Ltd. collecting excessive personal data without users’ consent.
In a notice released by the Cyberspace Administration of China on May 1, the operators of the apps were given 10 days to rectify their unauthorized data collection or face financial penalties.
The app operators were divided into three categories depending on the abuses committed. The first group consists of 17 map navigation apps that failed to provide a function for deleting or correcting personal information. The second category covers 15 texting apps that collect personal information unrelated to the services they provide without the user’s consent. The third group involves a messaging app that induces users to share their mobile phone address book to distribute unauthorised sales and marketing messages.
Since the beginning of this year, the Ministry of Industry and Information Technology (MIIT) has tested a total of 290,000 apps and required the operators of 1,862 illegal apps to change their practices, according to a statement released by the State Council Information Office on April 20.
Personal information protection has become one of the top issues the public is concerned about. After the outbreak of covid, big data, artificial intelligence and other technologies have been widely used, which makes it both necessary and urgent to formulate a personal information protection law.
The authorities have put a draft Personal Data Protection Law regulating the country’s vast troves of data through a second hearing last week. Lawmakers put forward suggestions on handling personal information, the scope of sensitive personal information, the regulation pertaining to face recognition technology, the protection of minors’ personal information and other issues.
The MIIT also publicly solicited opinions on the Interim Provisions on the Protection and Management of Personal Information of Mobile Internet Applications last week.
According to the provision, apps that fail to rectify their approach will be forbidden from operating for 40 working days, which will significantly increase their costs.
Another highlight of the interim provision is that it refines the responsibilities of different subjects. It is necessary for platforms distributing applications to review their personal information processing mechanisms. Developers need to continuously optimize the notices regarding personal information, especially when it comes to sensitive issues such as recording, photographing and recording videos.
According to the authorities, the relevant subjects engaged in personal information processing activities should consciously accept social supervision. The China Academy of Information and Communication Technology took the lead in building a national app-testing platform, which provides strong technical support for the regulatory authorities to carry out daily inspection of application operators.
For ordinary users, the difficulty lies in how to find infringements. Operators are required to inform the user of the personal information processing rules in a clear manner.