Chinese regulators have published new rules designed to prevent illegal collection and use of the personal information of app users, signalling the government’s determination to clean up unauthorised data collection by Internet players.

The document, published jointly by China’s Cyberspace Administration, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation, provides a standard for identifying illegal collection and use of personal data by app developers.

The prohibited behaviours include the absence of published service regulations, failure to clarify the purpose and methods of data collection, collection and sharing of personal information without users’ consent and collection of user information not related to the service provided.

“The new rules generally cover all the blind spots for personal informational protection in relation to apps and draw a line for service providers,” said Liu Yuanxing, senior counsel at Beijing-based law firm, King & Partners. “It will help with the regulation of apps in China and help operators and distributors to self-regulate.”

Over the past year Chinese regulators have issued orders to the country’s app developers and third-party service providers to halt collection and use of personal data. Several apps related to finance, weather forecasting and retail were removed as part of a national crackdown on illegal data collection by Internet companies. More than 80% of China’s internet users experienced data breaches in 2018 while more than one third of apps in China are prone to data safety risk, according to a report by Xinhua News.

Earlier this year, the China Consumers Association (CCA) warned that a large number of smartphone apps in China were collecting an excessive amount of personal data, including user location, contact lists and mobile numbers. Separately, a report published in 2018 said that 91 out of 100 mobile apps that it reviewed were suspected of collecting too much data, without naming them.

The crackdown on unauthorised data collection is not only happening in China. Last year the European Union published its General Data Protection Regulation (GDPR) law giving users the right to request access to their personal data stored by online services and restricting how internet companies handle the information.

California’s consumer privacy act, which will take effect in January 2020, gives users the power to request Internet companies to disclose any personal information they have on them, and gives users the right to ask for it to be deleted.

With 5 million apps in use in the country, China is catching up with its western peers in efforts to protect netizens’ personal information. In 2016, a Cybersecurity Law, which bans online service providers from collecting and selling users’ personal information without their consent, was adopted by the Standing Committee of China’s top legislative body, the National People’s Congress.

In 2018, China’s National Information Security Standardization Technical Committee issued the Personal Information Security Specification, a national standard covering the collection, storage, use, sharing, transfer, and disclosure of personal information

 - SCMP