Mar 23, 2021 08:17 PM

New Rules Restrict What Kind of Personal Information Apps Can Demand

China has issued new regulations that clarify what counts as “necessary” personnel information that mobile apps are allowed to collect from their users. Photo: IC Pohto
China has issued new regulations that clarify what counts as “necessary” personnel information that mobile apps are allowed to collect from their users. Photo: IC Pohto

New regulations clarify what kinds of information China’s app operators are allowed to demand before people are able to use their platforms, as the country’s authorities extend a crackdown on data abuse.

A statement (link in Chinese) on the rules says that they lay out what categories of data can be considered “necessary” for 39 types of mobile apps, and that apps should not deny users access to basic services if they refuse to share data beyond the designated categories.

The rules, which come into effect on May 1, are being jointly issued by the general offices of the Cyberspace Administration of China, the Ministry of Industry and Information Technology (MIIT), the Ministry of Public Security, and the State Administration for Market Regulation.

The 39 types of mobile apps include those that provide navigation, ride hailing, instant messaging, payment and lending services, the statement said. For example, ride-hailing apps are allowed to require users’ phone number, location and payment details, while payment apps can require users to submit their phone number, name, ID information and bank card number.

The regulations say that 13 types of apps, including livestreaming and short-video platforms, should not demand any personal information when offering their basic services.

The new rules offer some details as to what can be considered the “basic services” of the different categories of app. For instance, the basic services of short-video platforms include searching for and viewing videos — but not hosting a livestream or uploading videos for others to watch.

It’s common for Chinese mobile apps to restrict users’ access to services unless they hand over their valuable data, which can be used to better target advertising or control risks. For example, some online lenders require their app users to allow them to collect data including users’ home address, contact list, biometric data such as fingerprints and facial appearance, purchasing records and the IP address of their devices. However, such data are not essential for online lending apps under the new rules when they provide basic services.

The regulations did not mention how app operators should go about collecting information not designated as necessary. Yu Leimin, a partner with law firm King & Wood Mallesons, said app operators could request permission to collect these kinds of data after explaining their purpose.

The authorities did not specify how violations would be punished. However in December, the MIIT said it had ordered the removal (link in Chinese) of 120 apps from app stores in recent years over data privacy issues.

 Read more 

Cover Story: The Fight Over China’s Law to Protect Personal Data

On the whole, app operators will likely face more severe punishments for data abuse after the new Personal Information Protection Law is passed, analysts said. A draft of the law is now being reviewed by the standing committee of the National People’s Congress, China’s top legislature.

Qian Tong and Cui Hao contributed to this report.

Contact reporter Tang Ziyi ( and editor Joshua Dummer (

Download our app to receive breaking news alerts and read the news on the go.

Follow the Chinese markets in real time with Caixin Global’s new stock database.

You've accessed an article available only to subscribers
Share this article
Open WeChat and scan the QR code