On May 10, according to the official website of the Cyberspace Administration of China, 84 apps were notified of the collection and use of personal information in violation of laws and regulations. The Nandu Personal Information Protection Research Group noted that this is the situation in which the Cyberspace Administration of China notified the "security management" and "online lending" apps after the last notification of the "input method", "map navigation" and "instant messaging" apps.
The Cyberspace Administration of China checks apps by type, is there any law?
It is understood that the four departments of the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation jointly issued the "Provisions on the Scope of Personal Information Necessary for Common Types of Mobile Internet Applications" in March, clarifying the scope of necessary personal information for 39 common types of mobile applications such as map navigation, online ride-hailing, instant messaging, and online shopping, and requiring apps not to refuse users to use their basic functional services because users do not agree to provide non-essential personal information.
Some experts believe that the Cyberspace Administration of China will check the above 39 types of apps in turn, reminding "types that have not been checked to pay close attention to rectification."
The Nandu Personal Information Protection Research Group noted that in the security management app, the Cyberspace Administration of China notified a total of 36 apps, including Tencent Mobile Manager - QQ WeChat Protection (8.11.0), Cheetah Cleaning Master (6.19.7), 360 Mobile Guard (8.8.0) and so on. A total of 48 online lending apps were notified, including 360 IOUs (1.8.5.0), installment music (6.2.1), and repayment (5.9.5).
The above provisions make it clear that the basic functional services of security management apps are "to kill viruses, clean up malicious plug-ins, fix vulnerabilities, etc." Users do not need to submit personal information to use the basic functional services. The basic functional service of the online lending app is "personal loan application service for consumption, daily production and operation turnover, etc. realized through the Internet platform", and the necessary personal information includes the mobile phone number at the time of registration and the borrower's name, certificate type and number, certificate validity period, and bank card number.
The circular pointed out that most of the above-mentioned apps "violate the principle of necessity and collect personal information unrelated to the services they provide", and there are problems such as "collecting and using personal information without the consent of users" and "undisclosed collection and use rules".
The Cyberspace Administration of China stressed that in response to the problems found in the test, the relevant App operators should complete the rectification within 15 working days from the date of the release of this circular, and report the rectification to the Cyberspace Administration of China, and those who fail to complete the rectification within the time limit will be dealt with according to law.
List and situation of security management apps:
List and situation of online lending apps:
List of 84 apps that collect and use personal information in violation of laws and regulations.
You Yiwei, researcher at the Nandu Personal Information Protection Research Center