Chinese authorities are rolling out the country’s first internet privacy regulations (link in Chinese) applying to children amid a national crackdown on invasive data collection.
The policy, to be implemented Oct. 1, requires internet companies to inform parents and obtain their consent before collecting, using, transferring or disclosing children’s personal information. Companies can gain access only to data relevant to services they provide and only for the duration necessary.
According to the regulations, companies must provide dedicated user agreements for collecting children’s data including information on the purpose, manner, duration, scope and use of the data as well as use encryption and disclose such security measures. In the event these conditions change, consent must be obtained again.
Businesses must designate employees specifically charged with protecting children’s privacy, who will limit and document employee access to children’s information.
The policies also allow for parents to take charge of their child’s data. Parents will be able to request to delete or make changes to a child’s information, refuse or revoke access and file complaints.
Children are defined as those below the age of 14.
The regulation comes as frequent calls for app developers to cut back on invasive data collection go unheeded.
Most recently, the National Computer Virus Emergency Response Center, China’s official agency for anti-virus internet security, said apps including those backed by the country’s internet giants are harvesting user data without authorization, state-backed CCTV reported.
A separate draft regulation, aiming to standardize data collection for apps regardless of the age of users, was published in August. It requires app makers to authorize access to their products once users hand over the minimum possible amount of personal data and permissions for the products to function.
Contact reporter Dave Yin (firstname.lastname@example.org, @yindavid) www.twitter.com/yindavid