China redoubling crackdown on apps over privacy violations

2 min read

Regulators on Monday ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps, which may include those run by major commercial lenders.

Why it matters: The latest crackdown signals the government’s determination to clean up unauthorized data collection from any and every company violating data privacy laws, particularly bigger players.

  • An official think tank affiliated with the Ministry of Industry and Information Technology (MIIT) found that nearly three-quarters of 130,000 financial apps tested had high-risk vulnerabilities.
  • The think tank, the China Academy of Information and Communications Technology, accused China’s big four commercial banks⁠—China Construction Bank, Bank of China, Agricultural Bank of China, Industrial and Commercial Bank of China⁠—of requesting user access to functions beyond the scope of their apps in a security assessment report last week.
  • Users on Weibo responded positively to Monday’s news, with some calling out the social media platform itself for forcing users to hand over personal information to use the app.

Details: The MIIT announced a “rectification” campaign against apps that “infringe user rights” and do not take steps to comply with regulations, threatening to halt their operations or take them down completely.

  • The platforms have until Nov. 10 to carry out self-inspections and make changes.
  • The “rectification” effort will focus on apps and their third-party service providers which collect and use personal data in violation of regulations, as well as those that make unreasonable requests for user authorization and obstruct account cancellation requests.
  • A third-party agency will conduct inspections into apps with high download numbers.
  • Authorities will take action against non-compliant apps during the first three weeks of December, and they face suspension or even blacklisting.

Dust has yet to settle two years after China’s landmark cybersecurity law

Context: This announcement is the latest part of an ongoing enforcement effort to identify apps that violate personal information collection laws. In January, four ministries launched a year-long campaign against such apps.

  • Li Jianling, deputy head of the Ministry of Public Security’s Third Research Institute, has said that while personal information protection is written into Cybersecurity Law, problems brought by weak execution persist.
  • In June, an interagency workgroup ranked the top three user complaints about data collection as the collection of irrelevant data, lack of public policy on data protection, and the inability to cancel accounts.
  • Relevant ministries have released more granular regulations, rules, and industry standards this year, which aim to add teeth to principles laid out in the Cybersecurity Law.