China redoubling crackdown on apps over privacy violations
Regulators on Monday ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps, which may include those run by major commercial lenders.
Why it matters: The latest crackdown signals the government’s determination to clean up unauthorized data collection from any and every company violating data privacy laws, particularly bigger players.
- An official think tank affiliated with the Ministry of Industry and Information Technology (MIIT) found that nearly three-quarters of 130,000 financial apps tested had high-risk vulnerabilities.
- The think tank, the China Academy of Information and Communications Technology, accused China’s big four commercial banks—China Construction Bank, Bank of China, Agricultural Bank of China, Industrial and Commercial Bank of China—of requesting user access to functions beyond the scope of their apps in a security assessment report last week.
- Users on Weibo responded positively to Monday’s news, with some calling out the social media platform itself for forcing users to hand over personal information to use the app.
Details: The MIIT announced a “rectification” campaign against apps that “infringe user rights” and do not take steps to comply with regulations, threatening to halt their operations or take them down completely.
- The platforms have until Nov. 10 to carry out self-inspections and make changes.
- The “rectification” effort will focus on apps and their third-party service providers which collect and use personal data in violation of regulations, as well as those that make unreasonable requests for user authorization and obstruct account cancellation requests.
- A third-party agency will conduct inspections into apps with high download numbers.
- Authorities will take action against non-compliant apps during the first three weeks of December, and they face suspension or even blacklisting.
Dust has yet to settle two years after China’s landmark cybersecurity law
Context: This announcement is the latest part of an ongoing enforcement effort to identify apps that violate personal information collection laws. In January, four ministries launched a year-long campaign against such apps.
- Li Jianling, deputy head of the Ministry of Public Security’s Third Research Institute, has said that while personal information protection is written into Cybersecurity Law, problems brought by weak execution persist.
- In June, an interagency workgroup ranked the top three user complaints about data collection as the collection of irrelevant data, lack of public policy on data protection, and the inability to cancel accounts.
- Relevant ministries have released more granular regulations, rules, and industry standards this year, which aim to add teeth to principles laid out in the Cybersecurity Law.