Regulators Issue More Draft Rules to Tighten Up Lax Data Protection
Chinese regulators have released a draft policy on data protection — the second in a month — that aims to give customers more control over how their personal information is collected and used.
The proposed guidelines, released Tuesday (link in Chinese) by the Cyberspace Administration of China (CAC), lay out specific rules regarding the do’s and don’ts for how internet companies collect and use customer data.
The policy will be open for public comment until June 28. It followed another similar policy early this month, by the National Information Security Standardization Technical Committee, a separate government body tasked with advising central government agencies including CAC.
Under the proposed rules, companies should not collect more user information than necessary under pretexts such as “improving the user experience,” or by opting-in users by default, the CAC said Tuesday.
Lax regulation on data collection is considered one of the major factors that have allowed China’s internet industry to develop so quickly. That’s because the more data that internet companies collect, the better they can target users — even though such targeting has often come at the user’s expense.
A series of data violations over the past few months, however, has caught the attention of regulators as the public has called for greater scrutiny over data privacy.
Late last year, the China Consumers Association, a government institution affiliated with the State Council, said in a report (link in Chinese) that 91 of 100 consumer apps it tested had problems related to excessive collection of user data.
In December, the personal data of 30 million people using the dating app Momo — including phone numbers and passwords — were found up for sale online. In November, the selfie app Meitu saw its stock price plummet 10% after the China Consumer Association published a report criticizing it for collecting too much personal information from users.
The latest guideline pays particular attention to how users can get more control over app notifications — the messages that pop up on users’ phones without request.
Internet companies should allow users to completely turn off the notification function, the CAC guidelines said.
Those found to have committed data privacy violations can face punishments that include asset confiscation and the complete closure of the company, according to the guidelines.
Contact reporter Mo Yelin (firstname.lastname@example.org)
- MOST POPULAR
- Loose Monetary and Fiscal Policy Overseas Poses a Risk to China, Head of Top Banking Watchdog Says