Regulators Require 39 Companies Including Tencent and Alibaba to Establish Lists of Collected and Shared Personal Information

On Monday, China’s Personal Information Protection Law, which has attracted wide attention from internet companies, has been officially implemented. On the same day, the Ministry of Industry and Information Technology (MIIT) issued a notice proposing that relevant internet enterprises should establish “two lists” to protect personal information, including a “list of collected personal information” and a “list of personal information shared with third parties,” which should be displayed in apps for users to inquire. The first batch of enterprises to set up the “two lists” includes Tencent, Alibaba, Meituan, Kuaishou and Pinduoduo.

According to the new law, the collection of personal information should be limited to the minimum scope needed, and personal information should not be excessively collected. If an entity wants to provide other entities with the personal information it processes, it shall inform the individual of the name, contact information, purpose, method and type of personal information of the recipient entity, and obtain the individual’s separate consent.

At the same time, on November 1, the MIIT issued a notice, requesting companies in the information and communication industry to improve their services and enhance user satisfaction.

According to the notice, all relevant enterprises should establish the two lists mentioned above before the end of December this year, and display them in the app’s secondary menu to facilitate user inquiry. The list of collected personal information should be concise and clear, showing the basic information of users’ personal data collected by the app (including embedded third-party software tool development kit SDK). The list should also show the types of information and purposes of use, among other things.

SEE ALSO: China’s Cybersecurity Watchdog Targets 33 Apps for Excessive and Illegal Personal Data Collection

In addition, the notice stated that the list of personal information shared with third party entities should clearly show the basic information of users’ personal data shared by the app with other entities, including the types, purposes, use scenario and sharing methods of personal information shared with third parties.

In addition, for the problems such as “splash ads” that are difficult for users to close, which have been criticized by netizens for a long time, the notice requires that internet companies should set obvious closing buttons in their apps’ splash ads. The size, position and color of the buttons should be easy to identify, so that users can “find and close the ads easily.” The splash ads and videos shall not be used as links to induce users to tap or easily cause users to tap by mistake, thus bringing inconvenience to users.