With the development of big data era, we pay more attention to data security and personal privacy. Therefore, the mechanism of all kinds of apps to collect and submit information beyond the scope is widely criticized.
Recently, the central network information office, the Ministry of industry and information technology, the Ministry of public security and the State Administration of market supervision jointly issued the provisions on the scope of necessary personal information for common types of mobile Internet Applications (hereinafter referred to as the provisions), which specifies the scope of necessary personal information for 39 common types of apps and will come into force on May 1 this year.
The introduction of this provision also means that the business model of “commercial realization” through excessive collection of personal information will be “blocked”.
1、 39 categories of APP collection of personal information
The regulation points out that with the rapid development of mobile Internet, all kinds of applications have been popularized rapidly, but at the same time, the problem of collecting users’ personal information beyond the scope of app is very prominent. In particular, a large number of apps ask for personal information authorization through a package of bundled function services. If users refuse the authorization, they can not use the app basic function services, forcing users to authorize in disguise.
The notice specifies the scope of necessary personal information for 39 common types of mobile applications, such as map navigation, online shopping, job recruitment and learning education, and requires its operators not to refuse users to use the basic functions of the app because users do not agree to provide unnecessary personal information.
- For map navigation, the basic function service is “positioning and navigation”, and the necessary personal information is: location information, place of departure and place of arrival.
- The basic function of online car booking service is “online booking taxi service, cruise taxi on call service”. The necessary personal information includes: 1. Registered user’s mobile phone number; 2. Passenger’s departure, arrival, location information and track; 3. Payment information such as payment time, payment amount and payment channel (online booking taxi service).
- Instant messaging, the basic function of the service is “to provide text, pictures, voice, video and other network instant messaging services”, the necessary personal information includes: 1; 2. Account information: list of accounts and instant messaging contact accounts.
In addition, small programs are also included in the management. According to the “Research Report on personal information protection of small programs” released by Nandu personal information protection center and Institute of security, Chinese Academy of information and communications in September last year, the problem of small programs collecting personal information beyond the scope is relatively serious. For example, a small epidemic prevention program needs to recognize face information besides obtaining sensitive information such as personal name and ID number.
The report holds that in the epidemic prevention work under the actual line, the name, ID number and the corresponding relationship between the two, and then with the real person and ID card inspection, can not guarantee the accuracy of the information without obtaining the face information. The “provisions” clearly, small procedures are also included in the management, not beyond the necessary scope to collect personal information.
2、 Governance of APP infringement is a long-term project, and legislation highlights its importance
According to the Ministry of industry and information technology, as of March 2021, after a two-year special rectification, a total of 730000 app technical tests have been completed, 12 batches of external circulars have been issued, 3046 illegal apps have been ordered to be rectified, and 179 apps have been removed.
Last May, the Ministry of public security also announced ten cases of illegal collection of personal information app. However, there are still reports about the related violations. This year’s CCTV “3.15” party exposed the memory optimization, intelligent cleaning and other aspects, and some app problems such as illegal processing of personal information.
It can be seen that the governance of APP infringement on users’ rights and interests is a long-term project, which also highlights the importance of relevant legislative work. Therefore, China is stepping up the formulation and promulgation of the data security law, personal information protection law and other laws to provide institutional guarantee for data security and privacy protection.
Nowadays, mobile Internet is not only an ordinary network, but also an important connotation of China’s new infrastructure. The Fifth Plenary Session of the 19th CPC Central Committee pointed out the need to systematically lay out new infrastructure, and the outline of the 14th five year plan also clearly accelerated digital development, with special emphasis on strengthening personal information protection. There is no doubt that it is the need of the healthy development of mobile Internet to clarify the scope of app’s necessary personal information, and it is also the inevitable requirement of speeding up China’s new infrastructure construction.
*Part of the information comes from public information.